From 0bba8fd03237f220e17c906a3e0c94a56312878b Mon Sep 17 00:00:00 2001
From: Nathan Gray
Date: Wed, 17 Jul 2013 09:57:50 +0000
Subject: [PATCH] Strip out any javascript added by application and it properly to the AJAX response
---
 etemplate/inc/class.etemplate.inc.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/etemplate/inc/class.etemplate.inc.php b/etemplate/inc/class.etemplate.inc.php
index d82510c154..f91e3f7f37 100644
--- a/etemplate/inc/class.etemplate.inc.php
+++ b/etemplate/inc/class.etemplate.inc.php
@@ -286,8 +286,16 @@ class etemplate_new extends etemplate_widget_template
 }
 error_log(__METHOD__."(,".array2string($content).')');
 error_log(' validated='.array2string($validated));
-
- return ExecMethod(self::$request->method, self::complete_array_merge(self::$request->preserv, $validated));
+ $content = ExecMethod(self::$request->method, self::complete_array_merge(self::$request->preserv, $validated));
+ if (isset($GLOBALS['egw_info']['flags']['java_script']))
+ {
+ // Strip out any script tags
+ $GLOBALS['egw_info']['flags']['java_script'] = preg_replace(array('/(]*>)([^<]*)/is','/<\/script>/'),array('$2',''),$GLOBALS['egw_info']['flags']['java_script']);
+ self::$response->script($GLOBALS['egw_info']['flags']['java_script']);
+ error_log($app .' added javascript to $GLOBALS[egw_info][flags][java_script] - use egw_json_response->script() instead.');
+ }
+
+ return $content;
 }
 
 /**
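Review bot: In the added `java_script` block the `preg_replace` only unwraps script markup, and the result goes straight to `self::$response->script()`, so anything an application placed in `$GLOBALS['egw_info']['flags']['java_script']` is executed in the user's browser; the comment should say so, e.g. `// Unwraps <script> tags only, this is not sanitising: the flag must hold trusted server-side code, never request data`. The closing-tag pattern `'/<\/script>/'` has no `i` modifier while the first pattern does, so `'/<\/script>/i'` would keep the two consistent and avoid leaving an upper-case closing tag in the script sent to the client. The first pattern as printed on this page, `'/(]*>)([^<]*)/is'`, looks truncated by extraction and should be checked against the repository. `$app` in the new `error_log()` call is not assigned in the hunk; the method starts above it, so confirm it is defined there, otherwise the deprecation message loses the application name.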