From 071ba2e49bfd8eac30bd97f297d0b6ad62265d8c Mon Sep 17 00:00:00 2001 From: Didier Gautheron Date: Mon, 27 Apr 2020 14:42:49 +0200 Subject: [PATCH] Bug 25291: Escape barcode in ReturnClaims table display Test Plan: 1) Set ClaimReturnedLostValue 2) Create a checkout 3) Claim a return 4) Change the barcode to something with html inside, will do Without this patch cgi-bin/koha/members/moremember.pl claim tab barcode link is broken. Signed-off-by: Kyle M Hall Signed-off-by: Jonathan Druart Signed-off-by: Martin Renvoize Signed-off-by: Joy Nelson --- koha-tmpl/intranet-tmpl/prog/js/checkouts.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/js/checkouts.js b/koha-tmpl/intranet-tmpl/prog/js/checkouts.js index a665360fb7..79a6dd2c5c 100644 --- a/koha-tmpl/intranet-tmpl/prog/js/checkouts.js +++ b/koha-tmpl/intranet-tmpl/prog/js/checkouts.js @@ -916,7 +916,13 @@ $(document).ready(function() { if ( oObj.author ) { title += ' by ' + oObj.author; } - title += ' ' + oObj.barcode + ''; + title += ' ' + + (oObj.barcode ? oObj.barcode.escapeHtml() : "") + + ''; return title; } -- 2.39.5