From f102e26da688de83c2ad46e52029d84f305a91da Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Thu, 7 May 2020 11:00:19 -0300
Subject: [PATCH] Bug 25288: (follow-up) Use .escapeHtml()
Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Jonathan Druart
Signed-off-by: Jonathan Druart
---
 .../prog/en/modules/admin/branches.tt | 39 ++++++++++---------
 1 file changed, 21 insertions(+), 18 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt
index d7de9e8276..92d495437e 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt
@@ -222,8 +222,6 @@ var columns_settings = [% ColumnsSettings.GetColumns( 'admin', 'libraries', 'libraries', 'json' ) | $raw %]; $(document).ready(function() { - const to_html = (x) => $('
').text(x).html(); - var libraries_url = '/api/v1/libraries'; var libraries = $("#libraries").api({ "ajax": { @@ -234,7 +232,12 @@ "targets": [0,1,3,4,7,8,9,10,11,12,13,14,15], "render": function (data, type, row, meta) { if ( type == 'display' ) { - return to_html(data); + if ( data != null ) { + return data.escapeHtml(); + } + else { + return ""; + } } return data; } @@ -253,27 +256,27 @@ { "data": function( row, type, val, meta ) { const library_info = []; - if ( row.address1 != null ) library_info.push(to_html(row.address1)); - if ( row.address2 != null ) library_info.push(to_html(row.address2)); - if ( row.address3 != null ) library_info.push(to_html(row.address3)); + if ( row.address1 != null ) library_info.push(row.address1.escapeHtml()); + if ( row.address2 != null ) library_info.push(row.address2.escapeHtml()); + if ( row.address3 != null ) library_info.push(row.address3.escapeHtml()); // geographical_location = city, state postal_code const locations = []; - if ( row.city != null ) locations.push(to_html(row.city)); - if ( row.state != null ) locations.push(to_html(row.state)); + if ( row.city != null ) locations.push(row.city.escapeHtml()); + if ( row.state != null ) locations.push(row.state.escapeHtml()); const geographical_location = locations.join(', '); if ( geographical_location != '' && row.postal_code != null) { - library_info.push(geographical_location+' '+to_html(row.postal_code)); + library_info.push(geographical_location+' '+row.postal_code.escapeHtml()); } else { library_info.push(geographical_location); } - if ( row.country != null ) library_info.push(to_html(row.country)); - if ( row.phone != null ) library_info.push(_("Ph: ") + to_html(row.phone)); - if ( row.fax != null ) library_info.push(_("Fax: ") + to_html(row.fax)); - if ( row.email != null ) library_info.push(''+to_html(row.email)+''); - if ( row.url != null ) library_info.push(''+to_html(row.url)+''); - if ( row.opac_info != null ) library_info.push(_("OPAC Info") + ':
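Review bot: `data.escapeHtml()` in the display branch of the render callback assumes every cell value is a string; the new null guard does not cover a number or boolean coming back from the API, and the call would then throw a TypeError. The removed `to_html` helper accepted any value through jQuery's `.text()`, so this narrows what the column renderer tolerates. Converting first keeps the old tolerance: `return data != null ? String(data).escapeHtml() : "";`. The `row.*.escapeHtml()` calls in the next hunk (`@@ -253,27 +256,27 @@`) make the same assumption. `escapeHtml` is defined outside this patch, so which characters it escapes cannot be confirmed from here.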
'+to_html(row.opac_info)+'
'); - if ( row.notes != null ) library_info.push(_("Notes")+': '+to_html(row.notes)); + if ( row.country != null ) library_info.push(row.country.escapeHtml()); + if ( row.phone != null ) library_info.push(_("Ph: ") + row.phone.escapeHtml()); + if ( row.fax != null ) library_info.push(_("Fax: ") + row.fax.escapeHtml()); + if ( row.email != null ) library_info.push(''+row.email.escapeHtml()+''); + if ( row.url != null ) library_info.push(''+row.url.escapeHtml()+''); + if ( row.opac_info != null ) library_info.push(_("OPAC Info") + ':
'+row.opac_info.escapeHtml()+'
'); + if ( row.notes != null ) library_info.push(_("Notes")+': '+row.notes.escapeHtml()); return library_info.join('
'); }, "searchable": false, @@ -302,9 +305,9 @@ var result = ' '+_("Edit")+''; result += '
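Review bot: The e-mail and URL entries need a context check, because `row.email.escapeHtml()` and `row.url.escapeHtml()` are concatenated between string literals whose markup is not visible in this rendering of the patch, and `escapeHtml` is defined outside it. If either value is also written into an attribute such as `href`, an escaper meant for text content is not enough: quotes have to be escaped as well, and the URL scheme should be limited to `http:`/`https:` before the value is emitted as a link. A comment on the first push, e.g. `// escapeHtml() is for text content only; attribute values need separate encoding`, would record that contract. Separately, the `else` branch pushes `geographical_location` even when it is empty and drops `row.postal_code` when city and state are both null.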
'; - result += ''+"\n"; + result += ''+"\n"; result += ''; - result += '
'; + result += ''; return result; -- 2.39.5