| author | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:12:02 -0700 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:12:02 -0700 |
| commit | ff1979e12e0b012374e2ab3712b19f87e1a92e64 (patch) | |
| tree | 3c58fd3be9ff74838c01387ba0405ca95112aa0b /modules/tag/views | |
| parent | d2cea7905e342c2a9a7cec03058ab762d0d1ba7f (diff) | |
Fix XSS in tags JS
Diffstat (limited to 'modules/tag/views')
| -rw-r--r-- | modules/tag/views/admin_tags.html.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index 3d805c5e..8f3693aa 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -1,9 +1,9 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <script>
- var TAG_RENAME_URL = "<?= url::site("admin/tags/rename/__ID__") ?>";
+ var TAG_RENAME_URL = <?= html::js_string(url::site("admin/tags/rename/__ID__")) ?>;
 $("document").ready(function() {
 // using JS for adding link titles to avoid running t() for each tag
- $("#gTagAdmin .tag-name").attr("title", "<?= t("Click to edit this tag") ?>");
+ $("#gTagAdmin .tag-name").attr("title", <?= t("Click to edit this tag")->for_js() ?>);
 $("#gTagAdmin .delete-link").attr("title", $(".delete-link:first span").html());
 // In-place editing for tag admin
@@ -11,8 +11,8 @@
 });
 // make some values available within tag.js
 var csrf_token = "<?= $csrf ?>";
- var save_i18n = '<?= t("save") ?>';
- var cancel_i18n = '<?= t("cancel") ?>';
+ var save_i18n = <?= html::js_string(t("save")->for_html_attr()) ?>;
+ var cancel_i18n = <?= html::js_string(t("cancel")->for_html_attr()) ?>;
 </script>
 <div class="gBlock">
 <h2> |
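Review bot: Nothing in the template says that `html::js_string()` and `->for_js()` return a complete, already-quoted JS literal, although the new `TAG_RENAME_URL` and `.attr("title", …)` lines rely on it by dropping the surrounding quotes. A one-line comment above them, e.g. `// html::js_string() / ->for_js() emit a full quoted JS literal; do not wrap them in quotes`, would keep a later edit from re-adding quotes and breaking the escaping. Because these literals are emitted inside an inline `<script>` element, it is also worth confirming that both helpers neutralise `</script>` as well as quotes and backslashes; their implementations are not visible here. The script block continues past this hunk.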
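Review bot: `var csrf_token = "<?= $csrf ?>";` is still interpolated raw between quotes, directly above the two strings this hunk fixes. `$csrf` is presumably a server-generated token (its origin is not visible here), so this is probably not exploitable, but `var csrf_token = <?= html::js_string($csrf) ?>;` would put every value in the block on the same escaping path. Separately, `save_i18n` and `cancel_i18n` are HTML-attribute-escaped and then JS-escaped, while the title string in the first hunk uses `->for_js()` alone; if that is because tag.js concatenates them into markup, a comment such as `// HTML-escaped here because tag.js inserts these into attribute values` would document the double encoding.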
