Properly escape JS code in script tag for the ordered-select widget. See

LP829484.
zopefoundation · Jan 4, 2012 · 730e070 · 730e070
1 parent ef39e8b
commit 730e070
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -18,11 +18,15 @@ CHANGES
 
 - Make zope.container dependency more optional (it is only used in tests)
 
+- Properly escape JS code in script tag for the ordered-select widget. See
+  LP829484.
+
 - Cleaned whitespace in page templates.
 
 - Fix ``IGroupForm`` interface and actually use it in the ``GroupForm``
   class. See LP580839.
 
+- Added Spanish translation.
 
 2.5.1 (2011-11-26)
 ------------------

diff --git a/src/z3c/form/browser/orderedselect_input.pt b/src/z3c/form/browser/orderedselect_input.pt
@@ -220,8 +220,10 @@ function selectionError()
             tal:attributes="id string:${view/id}-toDataContainer">
         <script type="text/javascript" tal:content="string:
           copyDataForSubmit('${view/id}');">
+          /*  <![CDATA[ */
           // initial copying of field "field.to" --> "field"
           copyDataForSubmit("<i tal:replace="${view/id}"/>");
+          /* ]]> */
         </script>
       </span>
     </td>