[FIX] Report: html escape the error json string

session.get_file appends the json to the body of the generated iframe and then tries to json.parse it by reading contentNode on the body. Exceptions from `report_download` method may contain `<` and `>`, so when json.parse tries to json.parse the contentNode, it reads only a part of the original json string. htmlescaping the json string solves the issue by preventing the content of the json string to be interpreted as html.

[FIX] Report: html escape the error json string
08604812 · Simon Lejeune · 80bb4422 · 08604812
Commit 08604812 authored 10 years ago by Simon Lejeune
--- a/addons/report/controllers/main.py
+++ b/addons/report/controllers/main.py
@@ -22,6 +22,7 @@
 from openerp.addons.web.http import Controller, route, request
 from openerp.addons.web.controllers.main import _serialize_exception
 from openerp.osv import osv
+from openerp.tools import html_escape

 import simplejson
 from werkzeug import exceptions, url_decode
@@ -137,7 +138,7 @@ class ReportController(Controller):
                'message': "Odoo Server Error",
                'data': se
            }
-            return request.make_response(simplejson.dumps(error))
+            return request.make_response(html_escape(simplejson.dumps(error)))

    @route(['/report/check_wkhtmltopdf'], type='json', auth="user")
    def check_wkhtmltopdf(self):