From a91c397601c49520ff7a3c7d4b0f084230a665db Mon Sep 17 00:00:00 2001
From: Sergey Motornyuk <sergey.motornyuk@linkdigital.com.au>
Date: Wed, 5 Jul 2017 11:21:37 +0300
Subject: [PATCH] Fix of incorrect output of datapusher logs

---
 CHANGELOG.rst                             |  1 +
 ckan/lib/helpers.py                       | 12 ++++++++++--
 ckan/templates/package/resource_data.html |  2 +-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index a3d99c37991..f84db79aa7e 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -20,6 +20,7 @@ v2.5.5 2017-06-29
 * Fix filter results button not working for organization/group (#3620)
 * Allow underscores in URL slug preview on create dataset (#3612)
 * Create new resource view if resource format changed (#3515)
+* Fixed incorrect escaping in `mail_to` and datapusher's log
 
 v2.5.5 2017-03-22
 =================
diff --git a/ckan/lib/helpers.py b/ckan/lib/helpers.py
index a9b4e9144fc..cfe64721428 100644
--- a/ckan/lib/helpers.py
+++ b/ckan/lib/helpers.py
@@ -19,8 +19,7 @@
 from urllib import urlencode
 
 from paste.deploy.converters import asbool
-from webhelpers.html import escape, HTML, literal, url_escape
-from webhelpers.html.tools import mail_to
+from webhelpers.html import HTML, literal, url_escape
 from webhelpers.html.tags import *
 from webhelpers import paginate
 from webhelpers.text import truncate
@@ -47,6 +46,7 @@
 from ckan.common import (
     _, ungettext, g, c, request, session, json, OrderedDict
 )
+from markupsafe import Markup, escape
 
 
 MARKDOWN_TAGS = set([
@@ -2157,6 +2157,13 @@ def license_options(existing_license_id=None):
         for license_id in license_ids]
 
 
+def mail_to(email_address, name):
+    email = escape(email_address)
+    author = escape(name)
+    html = Markup(u'<a href=mailto:{0}>{1}</a>'.format(email, author))
+    return html
+
+
 # these are the functions that will end up in `h` template helpers
 __allowed_functions__ = [
     # functions defined in ckan.lib.helpers
@@ -2277,4 +2284,5 @@ def license_options(existing_license_id=None):
     'check_config_permission',
     'view_resource_url',
     'license_options',
+    'clean_html',
 ]
diff --git a/ckan/templates/package/resource_data.html b/ckan/templates/package/resource_data.html
index c79d72a2947..f6ef536846c 100644
--- a/ckan/templates/package/resource_data.html
+++ b/ckan/templates/package/resource_data.html
@@ -71,7 +71,7 @@ <h3>{{ _('Upload Log') }}</h3>
             {{ item.message | urlize }}<br>
             <span class="date" title="{{ h.render_datetime(item.timestamp, with_hours=True) }}">
               {{ h.time_ago_from_timestamp(item.timestamp) }}
-              <a href="#" data-target="popover" data-content="<dl>{% for key, value in item.iteritems() %}<dt>{{ key }}</dt><dd>{{ value }}</dd>{% endfor %}</dl>" data-html="true">{{ _('Details') }}</a>
+              <a href="#" data-target="popover" data-content="<dl>{% for key, value in item.iteritems() %}<dt>{{ key }}</dt><dd>{{ h.clean_html(value) }}</dd>{% endfor %}</dl>" data-html="true">{{ _('Details') }}</a>
             </span>
           </p>
         </li>