From 726d3e180830493270d6c2d1c45bbd7cf363a1c8 Mon Sep 17 00:00:00 2001
From: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Date: Mon, 21 Feb 2022 04:58:10 +0000
Subject: [PATCH] Revert "Bug 26102: Prevent XSS when To.json is used:
 admin/preferences.tt"

This reverts commit f2063ecd9ff72537408c30516a4e0a8651f6c5d2.
---
 koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt
index 814af9ea85..38ecd63e1c 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt
@@ -200,7 +200,7 @@
 
         });
         // This is here because of its dependence on template variables, everything else should go in js/pages/preferences.js - jpw
-        var to_highlight = "[% To.json( searchfield ) | html %]";
+        var to_highlight = "[% searchfield |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
         var search_jumped = [% IF ( search_jumped ) %]true[% ELSE %]false[% END %];
         var MSG_NOTHING_TO_SAVE = _("Nothing to save");
         var MSG_SAVING = _("Saving...");
-- 
2.39.5