import openerp
from openerp.osv import orm, osv, fields
+from openerp.tools import html_escape as escape
from openerp.tools.safe_eval import safe_eval
from openerp.addons.web.http import request
for attachment in self.browse(cr, uid, ids, context=context):
# in-document URLs are html-escaped, a straight search will not
# find them
- url = werkzeug.utils.escape(attachment.website_url)
+ url = escape(attachment.website_url)
ids = Views.search(cr, uid, ["|", ('arch', 'like', '"%s"' % url), ('arch', 'like', "'%s'" % url)], context=context)
if ids:
import babel
import babel.dates
-import werkzeug.utils
from PIL import Image
import openerp.tools
-from openerp.tools.safe_eval import safe_eval as eval
from openerp.osv import osv, orm, fields
+from openerp.tools import html_escape as escape
+from openerp.tools.safe_eval import safe_eval as eval
from openerp.tools.translate import _
_logger = logging.getLogger(__name__)
for attribute in self._render_att:
if attribute_name[2:].startswith(attribute):
att, val = self._render_att[attribute](self, element, attribute_name, attribute_value, qwebcontext)
- generated_attributes += val and ' %s="%s"' % (att, werkzeug.utils.escape(val)) or " "
+ generated_attributes += val and ' %s="%s"' % (att, escape(val)) or " "
break
else:
if attribute_name[2:] in self._render_tag:
t_render = attribute_name[2:]
template_attributes[attribute_name[2:]] = attribute_value
else:
- generated_attributes += ' %s="%s"' % (attribute_name, werkzeug.utils.escape(attribute_value))
+ generated_attributes += ' %s="%s"' % (attribute_name, escape(attribute_value))
if 'debug' in template_attributes:
debugger = template_attributes.get('debug', 'pdb')
"""
Generates the metadata attributes (prefixed by ``data-oe-`` for the
root node of the field conversion. Attribute values are escaped by the
- parent using ``werkzeug.utils.escape``.
+ parent.
The default attributes are:
record._model._all_columns[field_name].column,
options, context=context)
if options.get('html-escape', True):
- content = werkzeug.utils.escape(content)
+ content = escape(content)
elif hasattr(content, '__html__'):
content = content.__html__()
except Exception:
if context and context.get('inherit_branding'):
# add branding attributes
g_att += ''.join(
- ' %s="%s"' % (name, werkzeug.utils.escape(value))
+ ' %s="%s"' % (name, escape(value))
for name, value in self.attributes(
cr, uid, field_name, record, options,
source_element, g_att, t_att, qweb_context)
val = {
'name': value.split("\n")[0],
- 'address': werkzeug.utils.escape("\n".join(value.split("\n")[1:])),
+ 'address': escape("\n".join(value.split("\n")[1:])),
'phone': field_browse.phone,
'mobile': field_browse.mobile,
'fax': field_browse.fax,
return self.pool['ir.qweb'].eval_str(inner, qwebcontext)
def format(self, inner, options, qwebcontext):
- return werkzeug.utils.escape(self._format(inner, options, qwebcontext))
+ return escape(self._format(inner, options, qwebcontext))
class QwebWidgetMonetary(osv.AbstractModel):
_name = 'ir.qweb.widget.monetary'
if options is None: options = {}
if options.get('html-escape', True):
- string = werkzeug.utils.escape(string)
+ string = escape(string)
return HTMLSafe(string.replace('\n', '<br>\n'))
def get_field_type(column, options):
import sys
import threading
import time
+import werkzeug.utils
import zipfile
from collections import defaultdict, Mapping
from datetime import datetime
from config import config
from cache import *
+from .parse_version import parse_version
import openerp
# get_encodings, ustr and exception_to_unicode were originally from tools.misc.
_logger.info("\n".join(code))
-
+# Avoid DeprecationWarning while still remaining compatible with werkzeug pre-0.9
+if parse_version(getattr(werkzeug, '__version__', '0.0')) < parse_version('0.9.0'):
+ def html_escape(text):
+ return werkzeug.utils.escape(text, quote=True)
+else:
+ def html_escape(text):
+ return werkzeug.utils.escape(text)
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: