0013228: Unescaped values for displayed name and company
authorMichael Spahn <m.spahn@metaways.de>
Mon, 19 Jun 2017 10:26:33 +0000 (12:26 +0200)
committerMichael Spahn <m.spahn@metaways.de>
Mon, 19 Jun 2017 13:42:33 +0000 (15:42 +0200)
https://forge.tine20.org/view.php?id=13228

Change-Id: I93e4c9dd72ed3e1cc9f79949e57349b7e27b8bdd
Reviewed-on: http://gerrit.tine20.com/customers/4893
Reviewed-by: Michael Spahn <m.spahn@metaways.de>
Tested-by: Michael Spahn <m.spahn@metaways.de>
tine20/Addressbook/js/ContactGrid.js
tine20/Addressbook/js/ContactGridDetailsPanel.js
tine20/Tinebase/js/widgets/display/RecordDisplayPanel.js

index f8f1148..87f880c 100644 (file)
@@ -166,7 +166,7 @@ Tine.Addressbook.ContactGridPanel.contactTypeRenderer = function(data, cell, rec
 
 Tine.Addressbook.ContactGridPanel.displayNameRenderer = function(data) {
     var i18n = Tine.Tinebase.appMgr.get('Addressbook').i18n;
-    return data ? data : ('<div class="renderer_displayNameRenderer_noName">' + i18n._('No name') + '</div>');
+    return data ?  Tine.Tinebase.EncodingHelper.encode(data) : ('<div class="renderer_displayNameRenderer_noName">' + i18n._('No name') + '</div>');
 };
 
 Tine.Addressbook.ContactGridPanel.countryRenderer = function(data) {
index 1f770cb..82389ec 100644 (file)
@@ -87,7 +87,7 @@ Tine.Addressbook.ContactGridDetailsPanel = Ext.extend(Tine.widgets.grid.DetailsP
                                         hideLabel: true,
                                         htmlEncode: false,
                                         renderer: function(value) {
-                                            return '<b>' + value + '</b>';
+                                            return '<b>' +  Tine.Tinebase.EncodingHelper.encode(value) + '</b>';
                                         }
                                     }, {
                                         xtype: 'ux.displayfield',
index 8be3213..1ff6cfa 100644 (file)
@@ -178,7 +178,7 @@ Tine.widgets.display.RecordDisplayPanel = Ext.extend(Ext.ux.display.DisplayPanel
     },
 
     titleRenderer: function(title) {
-        return this.record ? this.record.getTitle() : title;
+        return this.record ? Tine.Tinebase.EncodingHelper.encode(this.record.getTitle()) : Tine.Tinebase.EncodingHelper.encode(title);
     }
 });