Commit 90a82728e2205a914e5c79f375e85479128a4c1a
1 parent
aea9e4b0
Exists in
master
and in
8 other branches
Escapes html for add new qualifier button in edit products' page
Escapes html so the javascript doesn't break for Add new qualifier button
Showing
1 changed file
with
1 additions
and
1 deletions
Show diff stats
app/views/manage_products/_edit_info.html.erb
| ... | ... | @@ -47,7 +47,7 @@ |
| 47 | 47 | <%= button_to_function( |
| 48 | 48 | :add, |
| 49 | 49 | _('Add new qualifier'), |
| 50 | - "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(select_qualifiers(@product))}', '#{escape_javascript(remove_qualifier_button)}')" | |
| 50 | + "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(CGI::escape_html(select_qualifiers(@product)))}', '#{escape_javascript(CGI::escape_html(remove_qualifier_button))}')" | |
| 51 | 51 | ) %> |
| 52 | 52 | <%= hidden_field_tag "product[qualifiers_list][nil]" %> |
| 53 | 53 | <% end %> | ... | ... |