From: Bill Erickson Date: Wed, 17 Jun 2015 17:27:05 +0000 (-0400) Subject: LP#1446816 HTML-escape notes in XUL patron alert page X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=871cbc482a04be9b822311dbf5298aa6a42cf9b6;p=contrib%2FConifer.git LP#1446816 HTML-escape notes in XUL patron alert page Avoid rendering HTML contained in patron messages, etc. in the XUL patron stop-sign page. Thanks to Jason Etheridge, ESI for noting this problem and contributing the original patch fix. Signed-off-by: Bill Erickson Signed-off-by: Ben Shum
---
diff --git a/Open-ILS/xul/staff_client/server/patron/display.js b/Open-ILS/xul/staff_client/server/patron/display.js
index 87b50e2ec6..ba8a5b4317 100644
--- a/Open-ILS/xul/staff_client/server/patron/display.js
+++ b/Open-ILS/xul/staff_client/server/patron/display.js
@@ -960,7 +960,7 @@ patron.display.prototype = { obj._already_defaulted_once = true; var msg = ''; obj.stop_checkouts = false; if (patron.alert_message())
- msg += $("patronStrings").getFormattedString('staff.patron.display.init.network_request.alert_message', [patron.alert_message()]) + '

';
+ msg += $("patronStrings").getFormattedString('staff.patron.display.init.network_request.alert_message', [(patron.alert_message()).replace(//g,'>')]) + '

'; //alert('obj.barcode = ' + obj.barcode); if (obj.barcode) { if (patron.cards()) for (var i = 0; i < patron.cards().length; i++) {
@@ -1020,9 +1020,9 @@ patron.display.prototype = { dl_flag_opened = true; } msg += '
';
- msg += obj.OpenILS.data.hash.aou[ penalties[i].org_unit() ].shortname() + ' : ' + penalties[i].standing_penalty().label() + '
';
+ msg += (obj.OpenILS.data.hash.aou[ penalties[i].org_unit() ].shortname() + ' : ' + penalties[i].standing_penalty().label()).replace(//g,'>') + '
'; msg += '
';
- msg += (penalties[i].note())?penalties[i].note():'';
+ msg += ((penalties[i].note())?penalties[i].note():'').replace(//g,'>');
 msg += '
'; } }
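Review bot: The escaping is repeated inline on all three added `msg +=` lines (the `patron.alert_message()` argument in the first hunk, the penalty label and `penalties[i].note()` in the second), and as written it appears to rewrite only the angle brackets; the patterns were lost in this rendering, which shows `.replace(//g,'>')`. Because `&` is passed through, a note that contains a literal entity such as `&lt;` would be rendered as the decoded character rather than as the staff member typed it. One shared helper that replaces `&` first keeps the call sites identical, for example (name is a suggestion) `function escape_html(s) { return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;'); }`. The function body continues outside both hunks, so other values appended to `msg` could not be checked here; each of them should go through the same helper, and quotes need escaping as well if a value is ever placed inside an attribute.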