| author | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:28:52 -0700 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:28:52 -0700 |
| commit | 53711225ac9d116e72c159de943284fd55fe26e4 (patch) | |
| tree | fa88f7786c2a5f30db2a12f8f601d4f55c5824d6 /modules/gallery | |
| parent | 94c201f265c758fad38eb69c0a5878970119197a (diff) | |
XSS / style fixes for newly detected issues (after fixing XSS scanner)
Diffstat (limited to 'modules/gallery')
| -rw-r--r-- | modules/gallery/views/admin_dashboard.html.php | 2 | ||||
| -rw-r--r-- | modules/gallery/views/admin_graphics.html.php | 2 | ||||
| -rw-r--r-- | modules/gallery/views/admin_maintenance_task.html.php | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/modules/gallery/views/admin_dashboard.html.php b/modules/gallery/views/admin_dashboard.html.php
index a2d22ab6..148de65f 100644
--- a/modules/gallery/views/admin_dashboard.html.php
+++ b/modules/gallery/views/admin_dashboard.html.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <script type="text/javascript">
 update_blocks = function() {
- $.get("<?= url::site("admin/dashboard/reorder") ?>",
+ $.get(<?= html::js_string(url::site("admin/dashboard/reorder")) ?>,
 {"csrf": "<?= $csrf ?>",
 "dashboard_center[]": $("#gAdminDashboard").sortable(
 "toArray", {attribute: "block_id"}),
diff --git a/modules/gallery/views/admin_graphics.html.php b/modules/gallery/views/admin_graphics.html.php
index c4a2f5c6..f64c7f80 100644
--- a/modules/gallery/views/admin_graphics.html.php
+++ b/modules/gallery/views/admin_graphics.html.php
@@ -3,7 +3,7 @@
 $(document).ready(function() {
 select_toolkit = function(el) {
 if (!$(this).hasClass("gUnavailable")) {
- window.location = '<?= url::site("admin/graphics/choose/__TK__?csrf=$csrf") ?>'
+ window.location = <?= html::js_string(url::site("admin/graphics/choose/__TK__?csrf=$csrf")) ?>
 .replace("__TK__", $(this).attr("id"));
 }
 };
diff --git a/modules/gallery/views/admin_maintenance_task.html.php b/modules/gallery/views/admin_maintenance_task.html.php
index 0f33d508..fc0e0af5 100644
--- a/modules/gallery/views/admin_maintenance_task.html.php
+++ b/modules/gallery/views/admin_maintenance_task.html.php
@@ -28,7 +28,7 @@ update = function() { $.ajax({
- url: "<?= url::site("admin/maintenance/run/$task->id?csrf=$csrf") ?>",
+ url: <?= html::js_string(url::site("admin/maintenance/run/$task->id?csrf=$csrf")) ?>,
 dataType: "json",
 success: function(data) {
 target_value = data.task.percent_complete; |
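Review bot: The `"csrf": "<?= $csrf ?>"` argument on the line after the changed `$.get(` call is still echoed raw between JavaScript double quotes, so the call now mixes an encoded URL with an unencoded value. If `$csrf` is always a server-generated token with a fixed alphabet this is harmless, but that is not visible here; `{"csrf": <?= html::js_string($csrf) ?>,` would make the call uniform. It is also worth confirming that `html::js_string()` neutralises a `</script>` sequence as well as quotes and backslashes, since its output lands inside an inline `<script>` block. The `update_blocks` function continues past the end of the hunk.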
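Review bot: The CSRF token is still carried in the query string of the navigation URL (`admin/graphics/choose/__TK__?csrf=$csrf`), so it can end up in browser history, access logs and possibly Referer headers; the `url:` line in admin_maintenance_task.html.php has the same shape. Both requests look like they change server state, so a POST with the token in the body would be the safer form, though that is a larger change than this commit. On the context line that follows, `$(this).attr("id")` is substituted into the path unencoded; `.replace("__TK__", encodeURIComponent($(this).attr("id")));` would keep an unexpected id from altering the path or query. The enclosing `ready` callback starts and ends outside the hunk.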
