[FIX] base: sanitize module description

hoatle · Sep 11, 2015 · a7ff110 · a7ff110
1 parent 909e6e3
commit a7ff110
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/openerp/addons/base/module/module.py b/openerp/addons/base/module/module.py
@@ -45,6 +45,7 @@
 from openerp.modules.db import create_categories
 from openerp.tools.parse_version import parse_version
 from openerp.tools.translate import _
+from openerp.tools import html_sanitize
 from openerp.osv import fields, osv, orm
 
 _logger = logging.getLogger(__name__)
@@ -154,9 +155,10 @@ def get_module_info(cls, name):
     def _get_desc(self, cr, uid, ids, field_name=None, arg=None, context=None):
         res = dict.fromkeys(ids, '')
         for module in self.browse(cr, uid, ids, context=context):
-            overrides = dict(embed_stylesheet=False, doctitle_xform=False, output_encoding='unicode')
+            overrides = dict(embed_stylesheet=False, doctitle_xform=False,
+                             output_encoding='unicode', xml_declaration=False)
             output = publish_string(source=module.description, settings_overrides=overrides, writer=MyWriter())
-            res[module.id] = output
+            res[module.id] = html_sanitize(output)
         return res
 
     def _get_latest_version(self, cr, uid, ids, field_name=None, arg=None, context=None):