Fix title & description in calendar events were not escaped

2025-06-30 06:30:23 +02:00 · 2017-03-01 10:52:38 -07:00
parent f8c8d1d84c
commit d0913cb309
2 changed files with 20 additions and 5 deletions
--- a/api/js/jsapi/egw_utils.js
+++ b/api/js/jsapi/egw_utils.js
@ -204,6 +204,20 @@ egw.extend('utils', egw.MODULE_GLOBAL, function()
 			return _comp.replace(/#/g,'%23').replace(/\?/g,'%3F').replace(/\//g,'');
 		},

+		/**
+		 * Escape HTML special chars, just like PHP
+		 *
+		 * @param {string} s String to encode
+		 *
+		 * @return {string}
+		 */
+		htmlspecialchars: function(s) {
+			return s.replace(/&/g, '&amp;')
+				.replace(/"/g, '&quot;')
+				.replace(/</g, '&lt;')
+				.replace(/>/g, '&gt;');
+		},
+
 		/**
 		 * If an element has display: none (or a parent like that), it has no size.
 		 * Use this to get its dimensions anyway.