Fix critical issues in regexs used by _unescape_entities function.

secretary.py

@@ -307,11 +307,11 @@ class Renderer(object):
         and unescapes HTML codes for >, <, & and "
         """
         unescape_rules = {
-            r'(?is)({([{|%])[^%|}]*?)(</?text:s.*?>)(.*?[%|}]})': r'\1 \4',
-            r'(?is)({([{|%])[^%|}]*?)(&gt;)(.*?[%|}]})'         : r'\1>\4',
-            r'(?is)({([{|%])[^%|}]*?)(&lt;)(.*?[%|}]})'         : r'\1<\4',
-            r'(?is)({([{|%])[^%|}]*?)(&amp;)(.*?[%|}]})'        : r'\1&\4',
-            r'(?is)({([{|%])[^%|}]*?)(&quot;)(.*?[%|}]})'       : r'\1"\4',
+            r'(?is)({([{%])[^%}]*?)(</?text:s.*?>)(.*?[%}]})': r'\1 \4',
+            r'(?is)({([{%])[^%}]*?)(&gt;)(.*?[%}]})'         : r'\1>\4',
+            r'(?is)({([{%])[^%}]*?)(&lt;)(.*?[%}]})'         : r'\1<\4',
+            r'(?is)({([{%])[^%}]*?)(&amp;)(.*?[%}]})'        : r'\1&\4',
+            r'(?is)({([{%])[^%}]*?)(&quot;)(.*?[%}]})'       : r'\1"\4',
         }
 
         for regexp, replacement in unescape_rules.items():