escape & too

pandora/edit/models.py

@@ -13,6 +13,7 @@ from django.conf import settings
 from django.db import models, transaction
 from django.db.models import Max
 from django.contrib.auth import get_user_model
+from django.core.cache import cache
 
 from oxdjango.fields import JSONField
 

static/js/documentInfoView.js

@@ -429,7 +429,7 @@ pandora.ui.documentInfoView = function(data, isMixed) {
     function formatLink(value, key) {
         return (Ox.isArray(value) ? value : [value]).map(function(value) {
             return key
-                ? '<a href="/documents/' + key + '=' + value + '">' + value + '</a>'
+                ? '<a href="/documents/' + key + '=' + pandora.escapeQueryValue(value) + '">' + value + '</a>'
                 : value;
         }).join(', ');
     }