From ea89357618bba3ed86439614fbb8e07bb6f11b6b Mon Sep 17 00:00:00 2001 From: plegall Date: Tue, 22 Nov 2022 11:04:57 +0100 Subject: [PATCH] fixes #1800 escape javascript strings (page broken in Catala) --- admin/themes/default/template/picture_modify.tpl | 16 ++++++++-------- admin/themes/default/template/user_list.tpl | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/admin/themes/default/template/picture_modify.tpl b/admin/themes/default/template/picture_modify.tpl index e301f9f3a..eb884f91f 100644 --- a/admin/themes/default/template/picture_modify.tpl +++ b/admin/themes/default/template/picture_modify.tpl @@ -45,18 +45,18 @@ jQuery("a.preview-box").colorbox({ photo: true }); -str_are_you_sure = '{'Are you sure?'|translate}'; -str_yes = '{'Yes, delete'|translate}'; +str_are_you_sure = '{'Are you sure?'|translate|escape:javascript}'; +str_yes = '{'Yes, delete'|translate|escape:javascript}'; str_no = '{'No, I have changed my mind'|translate|@escape:'javascript'}'; url_delete = '{$U_DELETE}'; -str_albums_found = '{"%d albums found"|translate}'; -str_album_found = '{"1 album found"|translate}'; +str_albums_found = '{"%d albums found"|translate|escape:javascript}'; +str_album_found = '{"1 album found"|translate|escape:javascript}'; str_result_limit = '{"%d+ albums found, try to refine the search"|translate|escape:javascript}'; -str_orphan = '{'This photo is an orphan'|@translate}'; -str_no_search_in_progress = '{'No search in progress'|@translate}'; +str_orphan = '{'This photo is an orphan'|@translate|escape:javascript}'; +str_no_search_in_progress = '{'No search in progress'|@translate|escape:javascript}'; related_categories_ids = {$related_categories_ids|@json_encode}; -str_already_in_related_cats = '{'This albums is already in related categories list'|translate}'; +str_already_in_related_cats = '{'This albums is already in related categories list'|translate|escape:javascript}'; {literal} $('#action-delete-picture').on('click', function() { @@ -283,4 +283,4 @@ $('#action-delete-picture').on('click', function() { .selectize-input .item .remove:hover { background-color: #ff7700 !important; } - \ No newline at end of file + diff --git a/admin/themes/default/template/user_list.tpl b/admin/themes/default/template/user_list.tpl index 2df6b5d23..a4cd187ae 100644 --- a/admin/themes/default/template/user_list.tpl +++ b/admin/themes/default/template/user_list.tpl @@ -22,18 +22,18 @@ const title_msg = '{'Are you sure you want to delete the user "%s"?'|@translate| const are_you_sure_msg = '{'Are you sure?'|@translate|@escape:'javascript'}'; const confirm_msg = '{'Yes, I am sure'|@translate|@escape}'; const cancel_msg = '{'No, I have changed my mind'|@translate|@escape}'; -const str_and_others_tags = '{'and %s others'|@translate}'; +const str_and_others_tags = '{'and %s others'|@translate|escape:javascript}'; const missingConfirm = "{'You need to confirm deletion'|translate|escape:javascript}"; const missingUsername = "{'Please, enter a login'|translate|escape:javascript}"; const fieldNotEmpty = "{'Name field must not be empty'|@translate|escape:javascript}" -const registered_str = '{"Registered"|@translate}'; -const last_visit_str = '{"Last visit"|@translate}'; -const dates_infos = '{'between %s and %s'|translate}' -const hide_str = '{'Hide'|@translate}'; -const show_str = '{'Show'|@translate}'; -const user_added_str = '{'User %s added'|@translate}'; -const str_popin_update_btn = '{'Update'|@translate}'; +const registered_str = '{"Registered"|@translate|escape:javascript}'; +const last_visit_str = '{"Last visit"|@translate|escape:javascript}'; +const dates_infos = '{'between %s and %s'|translate|escape:javascript}' +const hide_str = '{'Hide'|@translate|escape:javascript}'; +const show_str = '{'Show'|@translate|escape:javascript}'; +const user_added_str = '{'User %s added'|@translate|escape:javascript}'; +const str_popin_update_btn = '{'Update'|@translate|escape:javascript}'; const history_base_url = "{$U_HISTORY}"; const view_selector = '{$view_selector}';