diff --git a/fusion_helpdesk/controllers/main.py b/fusion_helpdesk/controllers/main.py index a515f546..3fb22ab5 100644 --- a/fusion_helpdesk/controllers/main.py +++ b/fusion_helpdesk/controllers/main.py @@ -598,9 +598,14 @@ class FusionHelpdeskController(http.Controller): return {'ok': False, 'error': 'not_found', 'message': _('Ticket not found or not accessible.')} author_id = self._resolve_author(cfg, ident, found[0]) + # We escape the user's text ourselves, then mark it up as paragraphs. + # message_post() ESCAPES a plain str body (it expects a Markup for + # HTML) — but Markup can't cross XML-RPC, so we pass body_is_html=True + # which tells the remote message_post to treat our already-escaped + # HTML as Markup. Without this the customer would see literal

tags. html = '

%s

' % _html_escape(text).replace('\n', '
') self._rpc(cfg, 'helpdesk.ticket', 'message_post', [[ticket_id]], { - 'body': html, 'message_type': 'comment', + 'body': html, 'body_is_html': True, 'message_type': 'comment', 'subtype_xmlid': 'mail.mt_comment', 'author_id': author_id, }) messages = self._public_messages(cfg, ticket_id)