diff --git a/fusion_helpdesk/controllers/main.py b/fusion_helpdesk/controllers/main.py index a515f546..3fb22ab5 100644 --- a/fusion_helpdesk/controllers/main.py +++ b/fusion_helpdesk/controllers/main.py @@ -598,9 +598,14 @@ class FusionHelpdeskController(http.Controller): return {'ok': False, 'error': 'not_found', 'message': _('Ticket not found or not accessible.')} author_id = self._resolve_author(cfg, ident, found[0]) + # We escape the user's text ourselves, then mark it up as paragraphs. + # message_post() ESCAPES a plain str body (it expects a Markup for + # HTML) — but Markup can't cross XML-RPC, so we pass body_is_html=True + # which tells the remote message_post to treat our already-escaped + # HTML as Markup. Without this the customer would see literal
tags. html = '
%s
' % _html_escape(text).replace('\n', '