diff --git a/plugins/custom_forms/views/custom_forms_plugin_myprofile/_field.html.erb b/plugins/custom_forms/views/custom_forms_plugin_myprofile/_field.html.erb
index b14fd3b..56d2f89 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/_field.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/_field.html.erb
@@ -12,7 +12,7 @@
<%= f.hidden_field(:position) %>
<%= f.hidden_field :_destroy, :class => 'destroy-field' %>
- <%= button_to_function :delete, _('Remove field'), "customFormsPlugin.removeFieldBox(this, #{j _('Are you sure you want to remove this field?').to_json})" %>
+ <%= button_to_function :delete, _('Remove field'), "customFormsPlugin.removeFieldBox(this, #{CGI::escapeHTML(_('Are you sure you want to remove this field?').to_json)})" %>
<%= yield %>
diff --git a/plugins/custom_forms/views/custom_forms_plugin_myprofile/_form.html.erb b/plugins/custom_forms/views/custom_forms_plugin_myprofile/_form.html.erb
index ba5f158..7bb6187 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/_form.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/_form.html.erb
@@ -31,8 +31,8 @@
- <%= button(:add, _('Add a new text field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{j html_for_field(f, :fields, CustomFormsPlugin::TextField).to_json}); return false")%>
- <%= button(:add, _('Add a new select field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{j html_for_field(f, :fields, CustomFormsPlugin::SelectField).to_json}); return false")%>
+ <%= button(:add, _('Add a new text field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{CGI::escapeHTML(html_for_field(f, :fields, CustomFormsPlugin::TextField).to_json)}); return false")%>
+ <%= button(:add, _('Add a new select field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{CGI::escapeHTML(html_for_field(f, :fields, CustomFormsPlugin::SelectField).to_json)}); return false")%>
<% button_bar do %>
diff --git a/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_alternative.html.erb b/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_alternative.html.erb
index 5a6f488..f312254 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_alternative.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_alternative.html.erb
@@ -7,6 +7,6 @@
<%= f.hidden_field :_destroy, :class => 'destroy-field' %>
- <%= button_to_function_without_text :remove, _('Remove alternative'), "customFormsPlugin.removeAlternative(this, #{j _('Are you sure you want to remove this alternative?').to_json})", :class => 'remove-field', :title => _('Remove alternative') %>
+ <%= button_to_function_without_text :remove, _('Remove alternative'), "customFormsPlugin.removeAlternative(this, #{CGI::escapeHTML(_('Are you sure you want to remove this alternative?').to_json)})", :class => 'remove-field', :title => _('Remove alternative') %>
|
diff --git a/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_select_field.html.erb b/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_select_field.html.erb
index 3026311..b45e4cd 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_select_field.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_select_field.html.erb
@@ -22,7 +22,7 @@
|
- <%= button(:add, _('Add a new alternative'), '#', :onclick => "customFormsPlugin.addFields(this, 'alternatives', #{j html_for_field(f, :alternatives, CustomFormsPlugin::Alternative).to_json}); return false") %>
+ <%= button(:add, _('Add a new alternative'), '#', :onclick => "customFormsPlugin.addFields(this, 'alternatives', #{CGI::escapeHTML(html_for_field(f, :alternatives, CustomFormsPlugin::Alternative).to_json)}); return false") %>
|
--
libgit2 0.21.2