Skip to content
Permalink
Browse files Browse the repository at this point in the history
Add escaping for tags on item form
  • Loading branch information
zerocrates committed Apr 24, 2018
1 parent 659a660 commit ba84189
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion admin/themes/default/items/tag-form.php
Expand Up @@ -18,7 +18,7 @@
<ul id="all-tags-list">
<?php foreach( $tags as $tag ): ?>
<li>
<?php echo '<span class="tag">' . $tag->name . '</span>';
<?php echo '<span class="tag">' . html_escape($tag->name) . '</span>';
echo '<span class="undo-remove-tag"><a href="#">' . __('Undo') . '</a></span>';
echo '<span class="remove-tag"><a href="#">' . __('Remove') . '</a></span>'; ?>
</li>
Expand Down
2 changes: 1 addition & 1 deletion admin/themes/default/javascripts/items.js
Expand Up @@ -102,7 +102,7 @@ Omeka.Items = {};

var undoButton = $('<span class="undo-remove-tag"><a href="#">Undo</a></span>').appendTo(tagLi);
var deleteButton = $('<span class="remove-tag"><a href="#">Remove</a></span>').appendTo(tagLi);
tagLi.prepend('<span class="tag">' + tag + '</span>');
$('<span></span>', {'class': 'tag', 'text': tag}).appendTo(tagLi);

if($('#all-tags-list').length != 0) {
$('#all-tags-list').append(tagLi);
Expand Down

0 comments on commit ba84189

Please sign in to comment.