Escape HTML provided in form - issue #148

This commit is contained in:
David Taylor
2015-07-20 22:02:08 +01:00
parent 5b3bc591b8
commit c67eab3479


@@ -11,6 +11,10 @@ function nl2br (str, is_xhtml) {
return (str + '').replace(/([^>\r\n]?)(\r\n|\n\r|\r|\n)/g, '$1'+ breakTag +'$2');
}
function escapeHtml (str) {
return $('<div/>').text(str).html();
}
function updatePrices() {
// individual rows
var sum = 0;
@@ -101,8 +105,8 @@ $('body').on('submit', '#item-form', function (e) {
}
// update the table
$row = $('#item-' + pk);
$row.find('.name').html(fields.name);
$row.find('.description').html(nl2br(fields.description));
$row.find('.name').html(escapeHtml(fields.name));
$row.find('.description').html(nl2br(escapeHtml(fields.description)));
$row.find('.cost').html(parseFloat(fields.cost).toFixed(2));
$row.find('.quantity').html(fields.quantity);
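Review bot: The `.quantity` cell on the last line of the second hunk is still written with `.html(fields.quantity)` and no escaping, so the same injection path that this commit closes for `name` and `description` remains open for that field unless the server guarantees it is numeric; `$row.find('.quantity').html(escapeHtml(fields.quantity));` (or `.text(fields.quantity)`) would make it consistent with the two lines above it. The `.cost` cell is safe as written because `parseFloat(...).toFixed(2)` can only yield a numeric string. The order on line 27 — escape first, then `nl2br` — is correct, since the inserted `<br>` tags must survive; a short comment on `escapeHtml` would help keep it that way, e.g. `// Escapes &, < and > via a detached jQuery text node; intended for element text, not attribute values (quotes are not escaped)`. The enclosing `#item-form` submit handler starts before the second hunk and continues past it.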