Commit 90a82728e2205a914e5c79f375e85479128a4c1a

Authored by Larissa Reis
1 parent aea9e4b0

Escapes html for add new qualifier button in edit products' page

  Escapes html so the javascript doesn't break for Add new qualifier button
Showing 1 changed file with 1 additions and 1 deletions   Show diff stats
app/views/manage_products/_edit_info.html.erb
... ... @@ -47,7 +47,7 @@
47 47 <%= button_to_function(
48 48 :add,
49 49 _('Add new qualifier'),
50   - "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(select_qualifiers(@product))}', '#{escape_javascript(remove_qualifier_button)}')"
  50 + "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(CGI::escape_html(select_qualifiers(@product)))}', '#{escape_javascript(CGI::escape_html(remove_qualifier_button))}')"
51 51 ) %>
52 52 <%= hidden_field_tag "product[qualifiers_list][nil]" %>
53 53 <% end %>
... ...