[open-ils-commits] [GIT] Evergreen ILS branch rel_2_8 updated. 98ca4c7f6011c67a15739cf001c7e5246ddc34da

Evergreen Git git at git.evergreen-ils.org
Wed Jun 17 16:22:33 EDT 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_2_8 has been updated
       via  98ca4c7f6011c67a15739cf001c7e5246ddc34da (commit)
      from  63ccc805812f2fe47b2a83813e070c2f824ccce5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 98ca4c7f6011c67a15739cf001c7e5246ddc34da
Author: Bill Erickson <berickxx at gmail.com>
Date:   Wed Jun 17 13:27:05 2015 -0400

    LP#1446816 HTML-escape notes in XUL patron alert page
    
    Avoid rendering HTML contained in patron messages, etc. in the XUL
    patron stop-sign page.
    
    Thanks to Jason Etheridge, ESI for noting this problem and contributing
    the original patch fix.
    
    Signed-off-by: Bill Erickson <berickxx at gmail.com>
    Signed-off-by: Ben Shum <bshum at biblio.org>

diff --git a/Open-ILS/xul/staff_client/server/patron/display.js b/Open-ILS/xul/staff_client/server/patron/display.js
index 8fd0847..bf3ff02 100644
--- a/Open-ILS/xul/staff_client/server/patron/display.js
+++ b/Open-ILS/xul/staff_client/server/patron/display.js
@@ -974,7 +974,7 @@ patron.display.prototype = {
                 obj._already_defaulted_once = true;
                 var msg = ''; obj.stop_checkouts = false;
                 if (patron.alert_message())
-                    msg += $("patronStrings").getFormattedString('staff.patron.display.init.network_request.alert_message', [patron.alert_message()]) + '<br/><br/>';
+                    msg += $("patronStrings").getFormattedString('staff.patron.display.init.network_request.alert_message', [(patron.alert_message()).replace(/</g,'<').replace(/>/g,'>')]) + '<br/><br/>';
                 //alert('obj.barcode = ' + obj.barcode);
                 if (obj.barcode) {
                     if (patron.cards()) for (var i = 0; i < patron.cards().length; i++) {
@@ -1034,9 +1034,9 @@ patron.display.prototype = {
                             dl_flag_opened = true;
                         }
                         msg += '<dt>';
-                        msg += obj.OpenILS.data.hash.aou[ penalties[i].org_unit() ].shortname() + ' : ' + penalties[i].standing_penalty().label() + '<br/>';
+                        msg += (obj.OpenILS.data.hash.aou[ penalties[i].org_unit() ].shortname() + ' : ' + penalties[i].standing_penalty().label()).replace(/</g,'<').replace(/>/g,'>') + '<br/>';
                         msg += '</dt><dd>';
-                        msg += (penalties[i].note())?penalties[i].note():'';
+                        msg += ((penalties[i].note())?penalties[i].note():'').replace(/</g,'<').replace(/>/g,'>');
                         msg += '</dd>';
                     }
                 }

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/xul/staff_client/server/patron/display.js |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list