From d8127e8936f4143992e8e0f084759bbcebb586d3 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Fri, 31 Jul 2020 19:00:19 +0200 Subject: [PATCH] Escape strings --- templates/note/conso_form.html | 8 ++++---- templates/note/transaction_form.html | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/note/conso_form.html b/templates/note/conso_form.html index 005e3e05..e6335c6e 100644 --- a/templates/note/conso_form.html +++ b/templates/note/conso_form.html @@ -161,8 +161,8 @@ {% if button.display %} $("#highlighted_button{{ button.id }}").click(function() { addConso({{ button.destination_id }}, {{ button.amount }}, - {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name }}", - {{ button.id }}, "{{ button.name }}"); + {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name|escapejs }}", + {{ button.id }}, "{{ button.name|escapejs }}"); }); {% endif %} {% endfor %} @@ -172,8 +172,8 @@ {% if button.display %} $("#button{{ button.id }}").click(function() { addConso({{ button.destination_id }}, {{ button.amount }}, - {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name }}", - {{ button.id }}, "{{ button.name }}"); + {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name|escapejs }}", + {{ button.id }}, "{{ button.name|escapejs }}"); }); {% endif %} {% endfor %} diff --git a/templates/note/transaction_form.html b/templates/note/transaction_form.html index fd3e5406..cb7df094 100644 --- a/templates/note/transaction_form.html +++ b/templates/note/transaction_form.html @@ -160,7 +160,7 @@ SPDX-License-Identifier: GPL-2.0-or-later TRANSFER_POLYMORPHIC_CTYPE = {{ polymorphic_ctype }}; SPECIAL_TRANSFER_POLYMORPHIC_CTYPE = {{ special_polymorphic_ctype }}; user_id = {{ user.note.pk }}; - username = "{{ user.username }}"; + username = "{{ user.username|escapejs }}"; {% endblock %}