From a6f9738fd2bda70428ebe49a7be0696ea997406c Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Thu, 9 Aug 2018 10:31:51 -0300 Subject: [PATCH] Bug 13618: Escape HTML chars in holds.js Signed-off-by: Owen Leonard Signed-off-by: Martin Renvoize Signed-off-by: Nick Clemens --- koha-tmpl/intranet-tmpl/prog/js/holds.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/js/holds.js b/koha-tmpl/intranet-tmpl/prog/js/holds.js index e3b68c119b..feafe5ca2d 100644 --- a/koha-tmpl/intranet-tmpl/prog/js/holds.js +++ b/koha-tmpl/intranet-tmpl/prog/js/holds.js @@ -22,16 +22,16 @@ $(document).ready(function() { title = "" - + oObj.title; + + oObj.title.escapeHtml(); $.each(oObj.subtitle, function( index, value ) { - title += " " + value.subfield; + title += " " + value.subfield.escapeHtml(); }); title += ""; if ( oObj.author ) { - title += " " + BY.replace( "_AUTHOR_", oObj.author ); + title += " " + BY.replace( "_AUTHOR_", oObj.author.escapeHtml() ); } if ( oObj.itemnotes ) { @@ -39,7 +39,7 @@ $(document).ready(function() { if ( $.datepicker.formatDate('yy-mm-dd', new Date(oObj.issuedate) ) == ymd ) { span_class = "circ-hlt"; } - title += " - " + oObj.itemnotes + "" + title += " - " + oObj.itemnotes.escapeHtml() + "" } return title; @@ -47,7 +47,7 @@ $(document).ready(function() { }, { "mDataProp": function( oObj ) { - return oObj.itemcallnumber || ""; + return oObj.itemcallnumber.escapeHtml() || ""; } }, { @@ -91,7 +91,7 @@ $(document).ready(function() { + "#" + oObj.itemnumber + "'>" - + oObj.barcode + + oObj.barcode.escapeHtml() + ""; } @@ -114,12 +114,12 @@ $(document).ready(function() { selectedbranch = ''; setbranch = ''; } - branchSelect += ''; + branchSelect += ''; } branchSelect +=''; return branchSelect; } - else { return oObj.branchcode || ""; } + else { return oObj.branchcode.escapeHtml() || ""; } } }, { "mDataProp": "expirationdate_formatted" }, -- 2.20.1