From d8127e8936f4143992e8e0f084759bbcebb586d3 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <yohann.danello@gmail.com>
Date: Fri, 31 Jul 2020 19:00:19 +0200
Subject: [PATCH] Escape strings

---
 templates/note/conso_form.html       | 8 ++++----
 templates/note/transaction_form.html | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/templates/note/conso_form.html b/templates/note/conso_form.html
index 005e3e05..e6335c6e 100644
--- a/templates/note/conso_form.html
+++ b/templates/note/conso_form.html
@@ -161,8 +161,8 @@
             {% if button.display %}
                 $("#highlighted_button{{ button.id }}").click(function() {
                     addConso({{ button.destination_id }}, {{ button.amount }},
-                        {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name }}",
-                        {{ button.id }}, "{{ button.name }}");
+                        {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name|escapejs }}",
+                        {{ button.id }}, "{{ button.name|escapejs }}");
                 });
             {% endif %}
         {% endfor %}
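Review bot: The two name arguments of `addConso(...)` now arrive in JavaScript as the raw button and category names, so safety depends on how `addConso` (defined outside this diff) puts them into the page. Before this change they were presumably HTML-escaped by template autoescaping, which kept markup in a name inert even when inserted as HTML; with `|escapejs` that no longer holds, and the function should insert them with `.text()` or `textContent` rather than building an HTML string. A comment above the loop would record the contract: `{# escapejs only protects the JS string literal; addConso must treat names as text, not HTML #}`. The same applies to the second hunk (`#button{{ button.id }}`) and to `username` in templates/note/transaction_form.html, which is consumed by `/static/js/transfer.js`. The `{% for %}` loop and the surrounding script start outside the hunk.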
@@ -172,8 +172,8 @@
             {% if button.display %}
                 $("#button{{ button.id }}").click(function() {
                     addConso({{ button.destination_id }}, {{ button.amount }},
-                        {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name }}",
-                        {{ button.id }}, "{{ button.name }}");
+                        {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name|escapejs }}",
+                        {{ button.id }}, "{{ button.name|escapejs }}");
                 });
             {% endif %}
             {% endfor %}
diff --git a/templates/note/transaction_form.html b/templates/note/transaction_form.html
index fd3e5406..cb7df094 100644
--- a/templates/note/transaction_form.html
+++ b/templates/note/transaction_form.html
@@ -160,7 +160,7 @@ SPDX-License-Identifier: GPL-2.0-or-later
         TRANSFER_POLYMORPHIC_CTYPE = {{ polymorphic_ctype }};
         SPECIAL_TRANSFER_POLYMORPHIC_CTYPE = {{ special_polymorphic_ctype }};
         user_id = {{ user.note.pk }};
-        username = "{{ user.username }}";
+        username = "{{ user.username|escapejs }}";
     </script>
     <script src="/static/js/transfer.js"></script>
 {% endblock %}
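Review bot: `username` is still written into inline script text, where `escapejs` is only valid because the value sits inside a quoted string literal; Django's documentation recommends passing data through `json_script` or `data-` attributes instead. If the project's Django version provides it, `{{ user.username|json_script:"username-data" }}` placed outside the script block, read with `username = JSON.parse(document.getElementById("username-data").textContent);`, removes the need to remember a per-value filter (the element id is a constructed example). The script block starts outside the hunk.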
-- 
GitLab