kalipso/racalmas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

templates: fix javascript escaping

Browse Source
This commit is contained in:
Milan
2022-01-27 21:51:50 +01:00
parent f90f71c529
commit b707cbe449
27 changed files with 105 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
website/agenda/planung/templates/edit-series.html
View File

@@ -4,8 +4,8 @@
<script src="js/jquery.tablesorter.min.js"></script>
<script src="js/image.js" type="text/javascript"></script>
<script>
var region='<TMPL_VAR loc.region>';
var event_id='<TMPL_VAR event_id>';
var region='<TMPL_VAR loc.region escape=js>';
var event_id='<TMPL_VAR event_id escape=js>';
var selectImageId='';
<TMPL_IF .forced_change>pageHasChangedCounter=1;</TMPL_IF>
<TMPL_IF .getBack>
@@ -127,9 +127,9 @@
<td>
<TMPL_IF .allow.read_image>
<button class="selectImage"
onclick="selectImage('<TMPL_VAR series_name escape=HTML>', '<TMPL_VAR image ESCAPE=url>', 'series', '<TMPL_VAR .project_id>','<TMPL_VAR .studio_id>','<TMPL_VAR series_id>'); return false;"
onclick="selectImage('<TMPL_VAR series_name escape=js>', '<TMPL_VAR image escape=js>', 'series', '<TMPL_VAR .project_id escape=js>','<TMPL_VAR .studio_id escape=js>','<TMPL_VAR series_id escape=js>'); return false;"
>
<img id="imagePreview" src="show-image.cgi?project_id=<TMPL_VAR .project_id>&studio_id=<TMPL_VAR .studio_id>&filename=<TMPL_VAR image>&type=icon">
<img id="imagePreview" src="show-image.cgi?project_id=<TMPL_VAR .project_id>&studio_id=<TMPL_VAR .studio_id>&filename=<TMPL_VAR image escape=js>&type=icon">
</button>
<input type="hidden" name="series_image" value="<TMPL_VAR series_image>" >
@@ -178,7 +178,7 @@
><TMPL_VAR .loc.button_save_template></button>
</TMPL_IF>
<!--
<button onclick="cancel_edit_series('<TMPL_VAR series_id>');return false;">cancel</button>
<button onclick="cancel_edit_series('<TMPL_VAR series_id escape=js>');return false;">cancel</button>
-->
</div>
</form>
@@ -302,7 +302,7 @@
<TMPL_IF .allow.delete_schedule>
<div class="cell delete"><br>
<button type="submit" class="text" name="action" value="delete_schedule"
onclick="commitForm('schedule_<TMPL_VAR schedule_id>','delete_schedule','<TMPL_VAR .loc.button_delete_schedule>');return false;"
onclick="commitForm('schedule_<TMPL_VAR schedule_id escape=js>','delete_schedule','<TMPL_VAR .loc.button_delete_schedule escape=js>');return false;"
><TMPL_VAR .loc.button_delete_schedule></button>
</div>
</TMPL_IF>
@@ -454,7 +454,7 @@
<TMPL_LOOP events>
<tr id="event_<TMPL_VAR event_id>" style="cursor:pointer"
<TMPL_IF .allow.update_event>
onclick="edit_event('<TMPL_VAR event_id>','<TMPL_VAR .series_id>','<TMPL_VAR .studio_id>','<TMPL_VAR .project_id>','hide_series')"
onclick="edit_event('<TMPL_VAR event_id escape=js>','<TMPL_VAR .series_id escape=js>','<TMPL_VAR .studio_id escape=js>','<TMPL_VAR .project_id escape=js>','hide_series')"
</TMPL_IF>
>
<TMPL_IF .allow.read_image>
@@ -488,7 +488,7 @@
<TMPL_IF .allow.update_series>
<tr>
<td>
<button onclick="edit_series_members('<TMPL_VAR .series_id>')" style="float:left"
<button onclick="edit_series_members('<TMPL_VAR .series_id escape=js>')" style="float:left"
><TMPL_VAR .loc.button_edit_member></button>
</td>
<td colspan="2">
@@ -535,7 +535,7 @@
<input type="hidden" name="user_id" value="<TMPL_VAR user_id>">
<input type="hidden" name="action" value="remove_user">
<button type="submit" value="remove user"
onclick="commitForm('series_members_<TMPL_VAR .series_id>_<TMPL_VAR user_id>', 'remove_user', '<TMPL_VAR .loc.button_remove_member>'); return false;"
onclick="commitForm('series_members_<TMPL_VAR .series_id escape=js>_<TMPL_VAR user_id escape=js>', 'remove_user', '<TMPL_VAR .loc.button_remove_member escape=js>'); return false;"
><TMPL_VAR .loc.button_remove_member></button>
</form>
</div>