changeset 5899:d0567fba754e

escape user- or admin-defined css url
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 08 Dec 2012 21:47:40 +0100
parents d3090fb6624f
children c98ec456e493
files MoinMoin/theme/__init__.py
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/theme/__init__.py	Sat Dec 08 21:20:24 2012 +0100
+++ b/MoinMoin/theme/__init__.py	Sat Dec 08 21:47:40 2012 +0100
@@ -687,7 +687,7 @@
         if theme:
             href = '%s/%s/css/%s.css' % (self.cfg.url_prefix_static, self.name, href)
         attrs = 'type="text/css" charset="%s" media="%s" href="%s"' % (
-                self.stylesheetsCharset, media, href, )
+                self.stylesheetsCharset, media, wikiutil.escape(href, True), )
         if title:
             return '<link rel="alternate stylesheet" %s title="%s">' % (attrs, title)
         else: