templates: fix javascript escaping

2022-01-27 21:51:50 +01:00
parent f90f71c529
commit b707cbe449
27 changed files with 105 additions and 102 deletions
--- a/website/agenda/planung/templates/image.html
+++ b/website/agenda/planung/templates/image.html
@@ -74,8 +74,8 @@
        <div>
 	        <form id="image_manager" action="image.cgi">
 		        <input name="search" value="<TMPL_VAR search escape=none>" style="width:20em;">
-		        <input type="hidden" name="filename" value="<TMPL_VAR filename escape=none>">
-		        <button onclick="searchImage('<TMPL_VAR target>', '<TMPL_VAR .project_id>', '<TMPL_VAR .studio_id>', '<TMPL_VAR .series_id>', '<TMPL_VAR .event_id>', '<TMPL_VAR .pid>'); return false;"><TMPL_VAR .loc.button_search></button>
+		        <input type="hidden" name="filename" value="<TMPL_VAR filename escape=js>">
+		        <button onclick="searchImage('<TMPL_VAR target escape=js>', '<TMPL_VAR .project_id escape=js>', '<TMPL_VAR .studio_id escape=js>', '<TMPL_VAR .series_id escape=js>', '<TMPL_VAR .event_id escape=js>', '<TMPL_VAR .pid escape=js>'); return false;"><TMPL_VAR .loc.button_search></button>
 	        </form>
            <TMPL_VAR count> <TMPL_VAR .loc.label_search_hits><br />
            <div class="images" 
@@ -90,7 +90,7 @@
                <TMPL_LOOP images>
 	                <div class="image" 
 		                id="img_<TMPL_VAR id>" 
-		                style="background-image:url('show-image.cgi?project_id=<TMPL_VAR .project_id>&studio_id=<TMPL_VAR .studio_id>&type=icon&filename=<TMPL_VAR filename>')"
+		                style="background-image:url('show-image.cgi?project_id=<TMPL_VAR .project_id escape=js>&studio_id=<TMPL_VAR .studio_id escape=js>&type=icon&filename=<TMPL_VAR filename escape=js>')"
 		                title="<TMPL_VAR description>"
                        filename="<TMPL_VAR filename>"
 	                >