Permalink
Browse files

Escape JavaScript on item label when dynamically adding new options t…

…o Select fields

Escape JavaScript on item label when dynamically adding new options to Select fields
  • Loading branch information...
1 parent ab1f308 commit bb866b634b0f4679e8af3199a5f152c0cde1b06f @karolsarnacki karolsarnacki committed Sep 18, 2012
Showing with 3 additions and 3 deletions.
  1. +3 −3 app/views/admin/resources/edit.html.erb
@@ -10,18 +10,18 @@
</h2>
<% if headless_mode? && params[:action] == 'edit' && flash.keys.include?(:notice) && !params[:_input] %>
- <script type="text/javascript">
+ <%= javascript_tag do %>
$(document).ready(function () {
<% if params[:attribute] %>
- var option = new Option("<%= @item.to_label %>", "<%= @item.id %>", true, true);
+ var option = new Option("<%=j @item.to_label.html_safe %>", "<%= @item.id %>", true, true);
parent.$("#<%= params[:attribute] %>").append(option);
parent.$(".chzn-select-<%= params[:attribute] %>").trigger("liszt:updated");
<% else %>
parent.Typus.parent_location_reload = true;
<% end %>
parent.$.fancybox.close();
});
- </script>
+ <% end %>
<% end %>
<%= admin_display_flash_message %>

0 comments on commit bb866b6

Please sign in to comment.