templates: fix javascript escaping

website/agenda/planung/templates/projects.html

@@ -1,14 +1,14 @@
 <script src="js/image.js" type="text/javascript"></script>
 
 <script type="text/javascript">
-    var region='<TMPL_VAR loc.region>';
+    var region='<TMPL_VAR loc.region escape=js>';
 </script>
 
 <h2><TMPL_VAR .loc.title></h2>
 
 <TMPL_IF .allow.create_project>
 <div style="clear:both" class="newproject">
-    <button onclick="add_project('<TMPL_VAR name>')"><TMPL_VAR .loc.button_add_project></button><br/>
+    <button onclick="add_project('<TMPL_VAR name escape=js>')"><TMPL_VAR .loc.button_add_project></button><br/>
     <div id="edit_new" class="panel project editor" style="clear:both;display:none">
         <form method="post">
             <input type="hidden" name="project_id" value="<TMPL_VAR .project_id>">
@@ -41,7 +41,7 @@
     <div class="panel-header">
         <div class="title"><TMPL_VAR title></div>
         <TMPL_IF .allow.update_project>
-            <button class="text" onclick="edit_project('<TMPL_VAR project_id>')"
+            <button class="text" onclick="edit_project('<TMPL_VAR project_id escape=js>')"
             ><TMPL_VAR .loc.button_edit></button>
         </TMPL_IF>
     </div>
@@ -62,7 +62,7 @@
                 </TMPL_LOOP><br/>
                 </td><td>
                 <TMPL_IF .allow.update_project>
-                    <button onclick="edit_project_assignments('<TMPL_VAR project_id>')"
+                    <button onclick="edit_project_assignments('<TMPL_VAR project_id escape=js>')"
                         class="text" style="float:left"
                     ><TMPL_VAR .loc.button_change></button>
                 </TMPL_IF>
@@ -94,7 +94,7 @@
                     <td>
                         <button 
                             class="selectImage"
-                            onclick="selectImage('<TMPL_VAR name escape=HTML>', '<TMPL_VAR image ESCAPE=url>', 'projects', '<TMPL_VAR .project_id>','<TMPL_VAR .studio_id>', null, null, '<TMPL_VAR pid>'); return false;"
+                            onclick="selectImage('<TMPL_VAR name escape=HTML escape=js>', '<TMPL_VAR image  escape=js>', 'projects', '<TMPL_VAR .project_id escape=js>','<TMPL_VAR .studio_id escape=js>', null, null, '<TMPL_VAR pid escape=js>'); return false;"
                         >
                             <img id="imagePreview" src="show-image.cgi?project_id=<TMPL_VAR .project_id>&studio_id=<TMPL_VAR .studio_id>&filename=<TMPL_VAR image>&type=icon">
                         </button>
@@ -110,7 +110,7 @@
                     <td>
                         <div class="right">
                             <button type=submit class="text" name="action" value="delete"
-                            onclick="commitForm('project_<TMPL_VAR project_id>','delete','<TMPL_VAR .loc.button_delete>');return false;"
+                            onclick="commitForm('project_<TMPL_VAR project_id>','delete','<TMPL_VAR .loc.button_delete escape=js>');return false;"
                             ><TMPL_VAR .loc.button_delete></button>
                         </div>
                     </td>
@@ -157,7 +157,7 @@
                             <input type="hidden" name="sid"        value="<TMPL_VAR sid>">
                             <input type="hidden" name="action"     value="unassign_studio">
                             <button type="submit" class="text"
-                                onclick="commitForm($(this).parent(),'unassign_studio','<TMPL_VAR .loc.button_unassign_studio>');return false;"
+                                onclick="commitForm($(this).parent(),'unassign_studio','<TMPL_VAR .loc.button_unassign_studio escape=js>');return false;"
                             ><TMPL_VAR .loc.button_unassign_studio></button>
                         </form>
                     </div>