TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escape html/script data that is introduced in field tittle of cost report

Browse Source
pull/6827/head
slawa 11 years ago
parent bfcc4cf822
commit 2602dbb672
1 changed files with 5 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      lib/assets/javascripts/reporting_engine/reporting/controls.js

7
lib/assets/javascripts/reporting_engine/reporting/controls.js vendored
Unescape View File

@ -63,6 +63,11 @@ Reporting.Controls = {
onFailure: function (editor, response) {
Reporting.flash(response.responseText);
},
ajaxOptions: {
onSuccess: function (xhr) {
xhr.responseText = OpenProject.Helpers.markupEscape(xhr.responseText);
}
},
onComplete: function () {
Reporting.Controls.update_report_lists();
}
@ -207,5 +212,3 @@ Reporting.onload(function () {
Reporting.Controls.attach_settings_callback($("query-icon-apply-button"), Reporting.Controls.update_result_table);
Reporting.Controls.observe_click($('query-link-clear'), Reporting.Controls.clear_query);
});

Write Preview
Loading…
Cancel
Save