Download as
Browse Code »

Commit 90a82728e2205a914e5c79f375e85479128a4c1a

Authored by Larissa Reis
1 parent aea9e4b0
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Escapes html for add new qualifier button in edit products' page 

  Escapes html so the javascript doesn't break for Add new qualifier button
Showing 1 changed file with 1 additions and 1 deletions   Show diff stats
app/views/manage_products/_edit_info.html.erb
  Diff comments   View file @90a8272
... ... @@ -47,7 +47,7 @@
47 47 <%= button_to_function(
48 48 :add,
49 49 _('Add new qualifier'),
50   - "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(select_qualifiers(@product))}', '#{escape_javascript(remove_qualifier_button)}')"
  50 + "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(CGI::escape_html(select_qualifiers(@product)))}', '#{escape_javascript(CGI::escape_html(remove_qualifier_button))}')"
51 51 ) %>
52 52 <%= hidden_field_tag "product[qualifiers_list][nil]" %>
53 53 <% end %>
... ...