Commit de3c7396 authored by IKEDA Soji's avatar IKEDA Soji

[bug] Template strings passed to javascript were not escaped.

Fixed by escaping them with escape_cstr filter.
parent 441761e5
......@@ -10,19 +10,19 @@
<!--
[%# A few configuration settings and miscellaneous vars. ~%]
var sympa = {
backText: "[%|loc%]Back[%END%]",
calendarButtonText: "[%|loc%]Calendar[%END%]",
backText: '[%"Back"|loc|escape_cstr%]',
calendarButtonText: '[%"Calendar"|loc|escape_cstr%]',
calendarFirstDay: 0,
closeText: "[%|loc%]Close[%END%]",
dayNames: "[%|loc%]Sunday:Monday:Tuesday:Wednesday:Thursday:Friday:Saturday[%END%]".split(":"),
dayNamesMin: "[%|loc%]Su:Mo:Tu:We:Th:Fr:Sa[%END%]".split(":"),
home_url: '[% path_cgi %]/',
icons_url: '[% icons_url %]',
lang: '[% lang %]',
loadingText: "[%|loc%]Please Wait...[%END%]",
monthNamesShort: "[%|loc%]Jan:Feb:Mar:Apr:May:Jun:Jul:Aug:Sep:Oct:Nov:Dec[%END%]".split(":"),
openInNewWinText: "[%|loc%]Open in a new window[%END%]",
resetText: "[%|loc%]Reset[%END%]"
closeText: '[%"Close"|loc|escape_cstr%]',
dayNames: '[%"Sunday:Monday:Tuesday:Wednesday:Thursday:Friday:Saturday"|loc|escape_cstr%]'.split(":"),
dayNamesMin: '[%"Su:Mo:Tu:We:Th:Fr:Sa"|loc|escape_cstr%]'.split(":"),
home_url: '[% path_cgi | escape_cstr %]/',
icons_url: '[% icons_url | escape_cstr %]',
lang: '[% lang | escape_cstr %]',
loadingText: '[%"Please Wait..."|loc|escape_cstr%]',
monthNamesShort: '[%"Jan:Feb:Mar:Apr:May:Jun:Jul:Aug:Sep:Oct:Nov:Dec"|loc|escape_cstr%]'.split(":"),
openInNewWinText: '[%"Open in a new window"|loc|escape_cstr%]',
resetText: '[%"Reset"|loc|escape_cstr%]'
};
[%# Variable for backward compatibility. ~%]
var lang = '[% lang %]';
......
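Review bot: The backward-compatibility assignment `var lang = '[% lang %]';` at the end of this hunk still interpolates `lang` without the filter, while the `lang:` property of `sympa` a few lines above now gets `escape_cstr`. The same value should be escaped in both places: `var lang = '[% lang | escape_cstr %]';`. Separately, the leading `<!--` suggests this object is emitted inside an inline script element, where a literal `</script>` in a translated or configured string would end the element regardless of JavaScript quoting. Whether `escape_cstr` also encodes `<` or `/` is not visible here, so that is worth confirming in the filter's definition. The script block starts and ends outside the hunk.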
......@@ -21,7 +21,7 @@
<!--
var line = [% o.stats_values %];
$.jqplot('[% chartid %]', [line], {
title: '[% o.title.replace('([\\\\\'])', '\\\\$1') %]',
title: '[% o.title | escape_cstr %]',
axesDefaults: {
min: 0,
tickRenderer: $.jqplot.CanvasAxisTickRenderer,
......
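Review bot: The two interpolations just above the changed `title:` line are left unfiltered: `'[% chartid %]'` sits in a single-quoted string exactly as the title does, and `[% o.stats_values %]` is emitted as a bare JavaScript expression. Whether either can carry user-influenced text is not determinable from this hunk. If so, `chartid` should get the same treatment, `$.jqplot('[% chartid | escape_cstr %]', [line], {`. A string-escape filter does not help outside quotes, so `stats_values` should instead come from a serializer that can only emit a numeric array. The `$.jqplot` call continues past the end of the hunk.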