From 19a30acaece904aeedcc6a3728e3815895d10c56 Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Wed, 11 Nov 2020 03:11:56 +0000 Subject: [PATCH] Bug 26988: (follow-up) Fix filter and encode api values and escape rendered values This patch makes the QA tools happy and follows correct procedures for passing data to and rendering data from the api Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart --- koha-tmpl/intranet-tmpl/prog/en/includes/holds_table.inc | 2 +- koha-tmpl/intranet-tmpl/prog/js/holds.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/holds_table.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/holds_table.inc index 7482981429..59f33cd2a0 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/holds_table.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/holds_table.inc @@ -136,7 +136,7 @@ - + [% END %] [% END %] diff --git a/koha-tmpl/intranet-tmpl/prog/js/holds.js b/koha-tmpl/intranet-tmpl/prog/js/holds.js index f6a941979d..cdf5b9912a 100644 --- a/koha-tmpl/intranet-tmpl/prog/js/holds.js +++ b/koha-tmpl/intranet-tmpl/prog/js/holds.js @@ -308,7 +308,7 @@ $(document).ready(function() { var hold_id = $(this).data('hold_id'); $(".loading_"+hold_id).show(); var preselected = $(this).data('selected'); - var api_url = '/api/v1/holds/'+hold_id+'/pickup_locations'; + var api_url = '/api/v1/holds/' + encodeURIComponent(hold_id) + '/pickup_locations'; $.ajax({ method: "GET", url: api_url, @@ -318,7 +318,7 @@ $(document).ready(function() { if( preselected == library.library_id ){ selected = ' selected="selected" '; } else { selected = ""; } - dropdown += ''; + dropdown += ''; }); this_dropdown.html(dropdown); this_dropdown.data("loaded",1); -- 2.39.2