
Bug 20891: Escape html then JSON

To my understanding we need to escape the HTML characters first, then escape for JSON.

If this patch works we will need to rethink the 'To' TT plugin.
It was originally designed to have several escape methods, but with
these changes it will not make sense to name it 'To' if used only to
escape JSON

IIRC we should keep the 2 different ways to use it:
 * [% To.json( string ) %]
 * [% string | $To %]
otherwise it will be hard to use it when called in argument of
patron-title.inc (`git grep To.json`)

Signed-off-by: Liz Rea <wizzyrea@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
19.05.x
Jonathan Druart 3 years ago
committed by Nick Clemens
parent
commit
bdf0d85c1d
  1. 9
      Koha/Template/Plugin/To.pm
  2. 4
      koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt

9
Koha/Template/Plugin/To.pm

@ -19,9 +19,11 @@ package Koha::Template::Plugin::To;
use Modern::Perl;
use base qw( Template::Plugin );
use Template::Plugin::Filter;
use base qw( Template::Plugin::Filter );
use JSON qw( to_json );
our $DYNAMIC = 1;
sub json {
my ( $self, $value ) = @_;
@ -34,4 +36,9 @@ sub json {
return $json;
}
sub filter {
my ( $self, $value ) = @_;
return $self->json($value);
}
1;
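Review bot: The new `filter` method carries no comment or POD stating the contract that the template change in this commit relies on: its input must already be HTML-escaped, and `$To` must be the last filter in the chain, as in `[% string | html | $To %]`. Because `To.json( string )` stays callable, the reversed order (`To.json(...) | html`), which this commit appears to replace in shelves_results.tt, is easy to reintroduce without such a note. I would add above `sub filter` a line such as `# Filter form of json(); expects HTML-escaped input and must be the last filter applied.` The body of `json` lies outside the hunk, so exactly which characters it escapes cannot be confirmed from here.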

4
koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt

@ -11,13 +11,13 @@
"dt_type":
"[% data.type | html %]",
"dt_shelfname":
"<a href='/cgi-bin/koha/virtualshelves/shelves.pl?op=view&shelfnumber=[% data.shelfnumber | html %]'>[% To.json(data.shelfname) | html%]</a>",
"<a href='/cgi-bin/koha/virtualshelves/shelves.pl?op=view&shelfnumber=[% data.shelfnumber | html %]'>[% data.shelfname | html | $To %]</a>",
"dt_count":
"[% data.count | html %] item(s)",
"dt_is_shared":
"[% IF data.type == 2 %]Public[% ELSIF data.is_shared %]Shared[% ELSE %]Private[% END %]",
"dt_owner":
"<a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.owner | html %]'>[% To.json(data.firstname) | html %] [% To.json(data.surname) | html %]</a>",
"<a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.owner | html %]'>[% data.firstname | html | $To %] [% data.surname | html | $To %]</a>",
"dt_sortby":
[% IF data.sortby == "author" %]"Author"[% ELSIF data.sortby == "copyrightdate" %]"Year"[% ELSIF data.sortby == "itemcallnumber" %]"Call number"[% ELSIF data.sortby == "dateadded" %]"Date added"[% ELSE %]"Title"[% END %],
"dt_created_on":
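Review bot: On the rewritten `dt_shelfname` and `dt_owner` lines the `href` attribute is delimited with single quotes, but `data.shelfnumber` and `data.owner` only pass through `| html`, and Template Toolkit's `html` filter escapes `&`, `<`, `>` and `"` but not `'`. If both values are always numeric ids (not visible here) this is harmless today, but the escaping then depends on the data rather than on the template. Delimiting the attribute with JSON-escaped double quotes, `href=\"…shelfnumber=[% data.shelfnumber | html %]\"`, would make `| html` sufficient for the attribute context. The hunk shows only part of the template, so the surrounding JSON structure is outside the view.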
