Escape text nodes changed via the web editor before sending the content
it to the server controller.
It is done since the content is unescaped one time when being displayed,
and it is not done for inline style and script tags (which may be
injected by dropping a snippet) since that would break them.
replacing the solution in cdb900044.
When saving a template in version 8.0, html would be saved as it should
be displayed once on the site. In particular, if some text should be
escaped once send to the browser, it will be saved as such.
But when rendering, a text node content is unescaped two times:
* for translation which seems wrong since we already use .text of a node
which already escaped it, doing it one more time is bad,
* when rendering the template, since the html template is stored in xml,
This commit remove superfluous unescaping for translation, and add an
escaping when saving the changed template content.
closes#7967
opw-646889
Didn't manage to find RTE settings to avoid losing leading whitespace of
lines, so reindeint arch after doing all integration, right before saving back
to view's field.
* html.fromstring(parser=HTMLParser(remove_blank_text=True) does not seem to
work, so serialize to XML, and parse back with
remove_blank_text. remove_blank_text necessary for lxml's pretty_print to
work correctly.
* pretty_print only & always uses 2 spaces/indent level. Our files (and the
HTML editor's Format button) uses 4 spaces -> need a second pass to double
indents.
bzr revid: xmo@openerp.com-20140227125934-q8j3z440px2ic6kx
Before, would save view section itself (including root element). But
branding distribution (and thus editability) are set on the last
programmatic root, thus the root element may well be generated
e.g. <span t-att-foo> will define the span itself as editable.
Saving this would remove the programmatic content on the node, and
thus break the view section altogether.
Fix the issue by only saving the root's content in the previous root.
bzr revid: xmo@openerp.com-20131217112034-nbxbg919cffv4w51