From e5b64d989a381e7038bbbab962a7a97ef0747a61 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 7 Mar 2023 17:40:20 +0100 Subject: [PATCH] Bug 33066: Restore HTML escaping MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit And we add a render function that will escape by default Signed-off-by: Pedro Amorim Signed-off-by: Agustín Moyano Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 4e129cd5fee9927a148cd525b429e84e86b94d61) Signed-off-by: Martin Renvoize --- .../prog/js/vue/components/ERM/AgreementsList.vue | 6 ++++-- .../prog/js/vue/components/ERM/LicensesList.vue | 6 ++++-- .../prog/js/vue/components/KohaTable.vue | 11 +++++++++++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/AgreementsList.vue b/koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/AgreementsList.vue index 0606a1db49..76efa88a44 100644 --- a/koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/AgreementsList.vue +++ b/koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/AgreementsList.vue @@ -224,7 +224,7 @@ export default { '' + - row.name + + escape_str(row.name) + "" ) }, @@ -235,7 +235,9 @@ export default { searchable: true, orderable: true, render: function (data, type, row, meta) { - return row.vendor_id != undefined ? row.vendor.name : "" + return row.vendor_id != undefined + ? escape_str(row.vendor.name) + : "" }, }, { diff --git a/koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/LicensesList.vue b/koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/LicensesList.vue index 70ba46b3c0..86c3a311fd 100644 --- a/koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/LicensesList.vue +++ b/koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/LicensesList.vue @@ -140,7 +140,7 @@ export default { '' + - row.name + + escape_str(row.name) + "" ) }, @@ -151,7 +151,9 @@ export default { searchable: true, orderable: true, render: function (data, type, row, meta) { - return row.vendor_id != undefined ? row.vendor.name : "" + return row.vendor_id != undefined + ? escape_str(row.vendor.name) + : "" }, }, diff --git a/koha-tmpl/intranet-tmpl/prog/js/vue/components/KohaTable.vue b/koha-tmpl/intranet-tmpl/prog/js/vue/components/KohaTable.vue index 6965576a99..3e5d809ed0 100644 --- a/koha-tmpl/intranet-tmpl/prog/js/vue/components/KohaTable.vue +++ b/koha-tmpl/intranet-tmpl/prog/js/vue/components/KohaTable.vue @@ -50,6 +50,17 @@ export default { }, buttons, search: { search: this.$route.query.q }, + columnDefs: [ + { + targets: "_all", + render: function (data, type, row, meta) { + if (type == "display") { + return escape_str(data) + } + return data + }, + }, + ], ...this.options, }, hidden_ids, -- 2.39.5