authorAndy Staudacher <andy.st@gmail.com>2009-08-29 13:41:18 -0700
committerAndy Staudacher <andy.st@gmail.com>2009-08-29 13:41:18 -0700
commitd5660d2d3ea6e8172272f1eb27e8071a1a42d87b (patch)
tree814fe98dbf50922698fbbb6dd63664f0d2c84668 /themes
parent83344b9e7d5bdde05956a0a5c0b6578e19974066 (diff)
Fixing all detected XSS vectors in PHP->JS code.
Xss: Rename UNKNOWN back to DIRTY, JS_XSS to DIRTY_JS. (using a different flag value to highlight potential XSS vectors in JS)
Diffstat (limited to 'themes')
-rw-r--r--themes/admin_default/views/admin.html.php2
-rw-r--r--themes/default/views/movie.html.php2
-rw-r--r--themes/default/views/page.html.php2
-rw-r--r--themes/default/views/photo.html.php4
4 files changed, 5 insertions, 5 deletions
diff --git a/themes/admin_default/views/admin.html.php b/themes/admin_default/views/admin.html.php
index d27f9260..61821428 100644
--- a/themes/admin_default/views/admin.html.php
+++ b/themes/admin_default/views/admin.html.php
@@ -23,7 +23,7 @@
<?= $theme->script("gallery.common.js") ?>
<? /* MSG_CANCEL is required by gallery.dialog.js */ ?>
<script type="text/javascript">
- var MSG_CANCEL = "<?= t('Cancel') ?>";
+ var MSG_CANCEL = "<?= t('Cancel')->for_js() ?>";
</script>
<?= $theme->script("gallery.dialog.js") ?>
<?= $theme->script("superfish/js/superfish.js") ?>
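Review bot: The new `MSG_CANCEL` line still hand-writes the double quotes around the value, so its safety rests entirely on what `for_js()` escapes, and that method is not part of this themes-only diff. For an inline script block it needs to neutralise `"`, `\`, line terminators and a literal `</script>` sequence; please confirm it does, since translated strings are presumably translator-supplied. The same pattern is used for `MSG_CANCEL` in page.html.php and for `ADD_A_COMMENT` in movie.html.php and photo.html.php. I would also extend the existing template comment so the convention is visible to theme authors: `/* MSG_CANCEL is required by gallery.dialog.js; localized text inside a script block must go through for_js() */`.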
diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php
index 1f25a626..75d51eff 100644
--- a/themes/default/views/movie.html.php
+++ b/themes/default/views/movie.html.php
@@ -20,7 +20,7 @@
</div>
<script type="text/javascript">
- var ADD_A_COMMENT = "<?= t("Add a comment") ?>";
+ var ADD_A_COMMENT = "<?= t("Add a comment")->for_js() ?>";
</script>
<?= $theme->photo_bottom() ?>
</div>
diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php
index ea2be37b..8d9f0caa 100644
--- a/themes/default/views/page.html.php
+++ b/themes/default/views/page.html.php
@@ -51,7 +51,7 @@
<?= $theme->script("gallery.common.js") ?>
<? /* MSG_CANCEL is required by gallery.dialog.js */ ?>
<script type="text/javascript">
- var MSG_CANCEL = "<?= t('Cancel') ?>";
+ var MSG_CANCEL = "<?= t('Cancel')->for_js() ?>";
</script>
<?= $theme->script("gallery.dialog.js") ?>
<?= $theme->script("gallery.form.js") ?>
diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php
index 1f92e9ba..fcf597cf 100644
--- a/themes/default/views/photo.html.php
+++ b/themes/default/views/photo.html.php
@@ -5,7 +5,7 @@
<script>
$(document).ready(function() {
$(".gFullSizeLink").click(function() {
- show_full_size("<?= $theme->item()->file_url() ?>", "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>");
+ show_full_size("<?= $theme->item()->file_url()->for_js() ?>", "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>");
return false;
});
});
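Review bot: In the `show_full_size(...)` call only the first argument gains `for_js()`; `$theme->item()->width` and `$theme->item()->height` are still written into quoted JS arguments unescaped. If they are always integers (likely, but not visible here), make that explicit at the output site so the line does not depend on the model: `"<?= (int) $theme->item()->width ?>", "<?= (int) $theme->item()->height ?>"`. The change also assumes `file_url()` returns an object that exposes `for_js()` rather than a plain string, which is worth confirming because the call would otherwise fail at render time.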
@@ -55,7 +55,7 @@
</div>
<script type="text/javascript">
- var ADD_A_COMMENT = "<?= t("Add a comment") ?>";
+ var ADD_A_COMMENT = "<?= t("Add a comment")->for_js() ?>";
</script>
<?= $theme->photo_bottom() ?>
</div>