odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity

[FIX] web_calendar, website: avoid rendering errors with special characters

This commit is contained in:
Olivier Dony 2015-07-01 17:49:56 +02:00
parent d0735fc557
commit e3bd2a5914
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
addons/web_calendar/static/src/js/web_calendar.js
View File

@ -544,7 +544,7 @@ openerp.web_calendar = function(instance) {
attendee_showed += 1;
if (attendee_showed<= MAX_ATTENDEES) {
if (self.avatar_model !== null) {
the_title_avatar += '<img title="' + self.all_attendees[the_attendee_people] + '" class="attendee_head" \
the_title_avatar += '<img title="' + _.escape(self.all_attendees[the_attendee_people]) + '" class="attendee_head" \
src="/web/binary/image?model=' + self.avatar_model + '&field=image_small&id=' + the_attendee_people + '"></img>';
}
else {
@ -552,12 +552,12 @@ openerp.web_calendar = function(instance) {
tempColor = (self.all_filters[the_attendee_people] !== undefined)
? self.all_filters[the_attendee_people].color
: (self.all_filters[-1] ? self.all_filters[-1].color : 1);
the_title_avatar += '<i class="fa fa-user attendee_head color_'+tempColor+'" title="' + self.all_attendees[the_attendee_people] + '" ></i>';
the_title_avatar += '<i class="fa fa-user attendee_head color_'+tempColor+'" title="' + _.escape(self.all_attendees[the_attendee_people]) + '" ></i>';
}//else don't add myself
}
}
else {
attendee_other += self.all_attendees[the_attendee_people] +", ";
attendee_other += _.escape(self.all_attendees[the_attendee_people]) +", ";
}
}
);

2
addons/website/static/src/js/website.snippets.animation.js
View File

@ -152,7 +152,7 @@
website.snippet.animationRegistry.media_video = website.snippet.Animation.extend({
selector: ".media_iframe_video",
start: function () {
this.$target.html('<div class="css_editable_mode_display">&nbsp;</div><iframe src="'+this.$target.data("src")+'" frameborder="0" allowfullscreen="allowfullscreen"></iframe>');
this.$target.html('<div class="css_editable_mode_display">&nbsp;</div><iframe src="'+_.escape(this.$target.data("src"))+'" frameborder="0" allowfullscreen="allowfullscreen"></iframe>');
},
});
})();