mirror of
				https://github.com/grocy/grocy.git
				synced 2025-10-25 05:30:42 +00:00 
			
		
		
		
	Escape HTML when displaying recipes on /mealplan (references #1868)
This commit is contained in:
		| @@ -21,6 +21,11 @@ String.prototype.replaceAll = function(search, replacement) | ||||
| 	return this.replace(new RegExp(search, "g"), replacement); | ||||
| }; | ||||
|  | ||||
| String.prototype.escapeHTML = function() | ||||
| { | ||||
| 	return this.replace(/[&<>"'`=\/]/g, s => ({ '&': '&', '<': '<', '>': '>', '"': '"', "'": ''', '/': '/', '`': '`', '=': '=' })[s]);; | ||||
| }; | ||||
|  | ||||
| GetUriParam = function(key) | ||||
| { | ||||
| 	var currentUri = window.location.search.substring(1); | ||||
|   | ||||
| @@ -139,6 +139,8 @@ $(".calendar").each(function() | ||||
| 					return false; | ||||
| 				} | ||||
|  | ||||
| 				recipe.name = recipe.name.escapeHTML(); | ||||
|  | ||||
| 				var internalShadowRecipe = FindObjectInArrayByPropertyValue(internalRecipes, "name", mealPlanEntry.day + "#" + mealPlanEntry.id); | ||||
| 				var resolvedRecipe = FindObjectInArrayByPropertyValue(recipesResolved, "recipe_id", internalShadowRecipe.id); | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user