diff options
-rw-r--r-- | Bugzilla/Template.pm | 2 | ||||
-rw-r--r-- | template/en/default/admin/flag-type/list.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/bug/knob.html.tmpl | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index cb6b54c90..cddd33ba4 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -229,7 +229,7 @@ sub create { # and newlines/carriage returns escaped for use in JS strings. js => sub { my ($var) = @_; - $var =~ s/([\\\'\"])/\\$1/g; + $var =~ s/([\\\'\"\/])/\\$1/g; $var =~ s/\n/\\n/g; $var =~ s/\r/\\r/g; $var =~ s/\@/\\x40/g; # anti-spam for email addresses diff --git a/template/en/default/admin/flag-type/list.html.tmpl b/template/en/default/admin/flag-type/list.html.tmpl index 0185df0c7..44cbf36c2 100644 --- a/template/en/default/admin/flag-type/list.html.tmpl +++ b/template/en/default/admin/flag-type/list.html.tmpl @@ -98,7 +98,7 @@ <td> <a href="editflagtypes.cgi?action=copy&id=[% type.id %]">Copy</a> | <a href="editflagtypes.cgi?action=confirmdelete&id=[% type.id %]" - onclick="return confirmDelete([% type.id %], '[% type.name FILTER js %]', + onclick="return confirmDelete([% type.id %], '[% type.name FILTER js FILTER html %]', [% type.flag_count %]);">Delete</a> </td> </tr> diff --git a/template/en/default/bug/knob.html.tmpl b/template/en/default/bug/knob.html.tmpl index f0194155d..b93f8099d 100644 --- a/template/en/default/bug/knob.html.tmpl +++ b/template/en/default/bug/knob.html.tmpl @@ -97,7 +97,7 @@ [% terms.bug %] to </label> <input name="assigned_to" size="32" - onchange="if ((this.value != '[% bug.assigned_to.email FILTER js %]') && + onchange="if ((this.value != '[% bug.assigned_to.email FILTER js FILTER html %]') && (this.value != '')) { document.changeform.knob[[% knum %]].checked=true; }" |