Commit 90a82728e2205a914e5c79f375e85479128a4c1a
1 parent
aea9e4b0
Exists in
master
and in
29 other branches
Escapes html for add new qualifier button in edit products' page
Escapes html so the javascript doesn't break for Add new qualifier button
Showing
1 changed file
with
1 additions
and
1 deletions
Show diff stats
app/views/manage_products/_edit_info.html.erb
... | ... | @@ -47,7 +47,7 @@ |
47 | 47 | <%= button_to_function( |
48 | 48 | :add, |
49 | 49 | _('Add new qualifier'), |
50 | - "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(select_qualifiers(@product))}', '#{escape_javascript(remove_qualifier_button)}')" | |
50 | + "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(CGI::escape_html(select_qualifiers(@product)))}', '#{escape_javascript(CGI::escape_html(remove_qualifier_button))}')" | |
51 | 51 | ) %> |
52 | 52 | <%= hidden_field_tag "product[qualifiers_list][nil]" %> |
53 | 53 | <% end %> | ... | ... |