# and newlines/carriage returns escaped for use in JS strings.
js => sub {
my ($var) = @_;
- $var =~ s/([\\\'\"])/\\$1/g;
+ $var =~ s/([\\\'\"\/])/\\$1/g;
$var =~ s/\n/\\n/g;
$var =~ s/\r/\\r/g;
$var =~ s/\@/\\x40/g; # anti-spam for email addresses
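Review bot: The character class on the new substitution line still lets `<` and `>` through, so the filter relies on the `/` escape alone to keep a value from terminating an enclosing `<script>` element, and sequences such as `<!--` still reach the HTML parser unchanged. Escaping both as hex after the existing substitutions, `$var =~ s/</\\x3c/g;` and `$var =~ s/>/\\x3e/g;`, would make the output inert to the HTML parser wherever the string literal ends up. U+2028 and U+2029 are also line terminators inside string literals in JavaScript engines older than ES2019, and the `\n`/`\r` lines do not cover them. The comment above the sub, which starts outside this hunk, lists what is escaped and should now mention the forward slash and the reason for it; the sub's body also continues past the hunk.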
<td>
<a href="editflagtypes.cgi?action=copy&id=[% type.id %]">Copy</a>
| <a href="editflagtypes.cgi?action=confirmdelete&id=[% type.id %]"
- onclick="return confirmDelete([% type.id %], '[% type.name FILTER js %]',
+ onclick="return confirmDelete([% type.id %], '[% type.name FILTER js FILTER html %]',
[% type.flag_count %]);">Delete</a>
</td>
</tr>
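Review bot: The order of the two filters in the `onclick` value is what makes it safe, and nothing in the template records that: the browser HTML-decodes the attribute before the script engine parses it, so `js` has to run first and `html` last. A template comment ahead of the anchor, for example `[%# FILTER js, then FILTER html: the attribute is HTML-decoded before the JS is parsed; keep this order %]`, would stop a later edit from dropping or swapping them. The same applies to the `onchange` handler on the `assigned_to` input in the following hunk. `[% type.id %]` and `[% type.flag_count %]` are placed in the same handler unfiltered, which is acceptable only if both are always integers; their source is not visible here, so that is worth confirming.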
[% terms.bug %] to
</label>
<input name="assigned_to" size="32"
- onchange="if ((this.value != '[% bug.assigned_to.email FILTER js %]') &&
+ onchange="if ((this.value != '[% bug.assigned_to.email FILTER js FILTER html %]') &&
(this.value != '')) {
document.changeform.knob[[% knum %]].checked=true;
}"