Usage of Template Toolkit plugin KohaSpan as filter is actually :
Group [% added.title | $KohaSpan class = 'name' | $raw %] created.
But KohaSpan filter does not escape HTML characters.
Whe should filter HTML then KohaSpan.
This patch adds TT html filter before KohaSpan.
Also replaces in Javascript html() with text()
to ensure special caracters are still encoded.
See https://api.jquery.com/text/
Test plan :
1) Create a library with name Libra'rie
2) Create a library group with name Grou'pe
3) Play with this group
4) Add library
5) Remove library
6) Edit group
7) Delete group
8) Each time check that &apos, is not interpreted as single quote
Signed-off-by: Solène Desvaux <solene.desvaux@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Fridolin Somers
be18ee7aa5