FSN#37533 BLOCK_START titel altijd HTML-safe maken

svn path=/Website/trunk/; revision=34786
2017-08-01 11:19:43 +00:00
parent e725e5244c
commit c6f1db6cc1
5 changed files with 6 additions and 6 deletions
--- a/APPL/MLD/mld_show_melding.asp
+++ b/APPL/MLD/mld_show_melding.asp
@@ -412,7 +412,7 @@ function parentButton()
 %></div><% // div.leftcontainer, de rest staat rechts
-    BLOCK_START("mldInfo", L("lcl_complain") + " "+ (mld_melding.prefix != null? mld_melding.prefix : "") + mld_key + (mld_melding.mld_onderwerp ? ": <span class='mldsubject'>" + safe.html(mld_melding.mld_onderwerp) + "</span>" : ""), { safe: false });
+    BLOCK_START("mldInfo", L("lcl_complain") + " "+ (mld_melding.prefix != null? mld_melding.prefix : "") + mld_key + (mld_melding.mld_onderwerp ? ": <span class='mldsubject'>" + safe.html(mld_melding.mld_onderwerp) + "</span>" : ""), { ishtmlsafe: true });
      if (mld_melding.behandel_key) {
          FCLTpersoonselector("sBehandel",
                              "sgBehandelaar",
--- a/APPL/PRS/prs_phonebook.asp
+++ b/APPL/PRS/prs_phonebook.asp
@@ -78,7 +78,7 @@ FCLTHeader.Requires({plugins:["jQuery", "kenmerk"],
    <div id="search">
      <form method="get" action="prs_phonebook_list.asp" target=workFrame name="u2" onsubmit='startSearch(1);return false'>
            <input type="hidden" name="user_key" value="<%=user_key%>">
-<%    BLOCK_START("searchtable", L("lcl_pb_filterblok") + " <span id='phonebookteaser'>" + S("prs_phonebook_info") + "</span>", { safe: false });%>
+<%    BLOCK_START("searchtable", L("lcl_pb_filterblok") + " <span id='phonebookteaser'>" + S("prs_phonebook_info") + "</span>", { ishtmlsafe: true });%>
        <tr>
          <td class="searchkolom1">
            <table><!-- x rijen, 2 kolommen: label + veld -->
--- a/APPL/RES/res_edit_objcat.asp
+++ b/APPL/RES/res_edit_objcat.asp
@@ -276,7 +276,7 @@ var new_item_key = 0;  // Globaal
          {
            if (first)
            {
-              BLOCK_START("resObj",L("lcl_res_objects") + " <a href='javascript:openLegenda()'><span class='fa fa-list-ul details' title='"+L("lcl_res_legenda")+"'></span></a>", { safe: false });
+              BLOCK_START("resObj",L("lcl_res_objects") + " <a href='javascript:openLegenda()'><span class='fa fa-list-ul details' title='"+L("lcl_res_legenda")+"'></span></a>", { ishtmlsafe: true });
 %>
              <tr>
                <td>
--- a/APPL/SCF/scaffolding_search.inc
+++ b/APPL/SCF/scaffolding_search.inc
@@ -279,9 +279,9 @@ function scaffolding_search(model, scf_params)
        if ("estimated_rows" in model)
            est_title = " <em style='font-size:10px'>estimated {0} rows as of {1}</em>".format(model.estimated_rows, toDateTimeString(model.last_analyzed));
        else
-            est_title = " " + model.records_title;
+            est_title = " " + safe.html(model.records_title);
-        BLOCK_START("searchtable", L("lcl_filterblok") + est_title);
+        BLOCK_START("searchtable", L("lcl_filterblok") + est_title, { ishtmlsafe: true });
        if (scf_params.search.labels)
        {
--- a/APPL/Shared/iface.inc
+++ b/APPL/Shared/iface.inc
@@ -120,7 +120,7 @@ function BLOCK_START(id, title, params) {
    if (__blockactive__) ERROR_NESTED_BLOCK_START_DETECTED;
        __blockactive__ = true;
-    if (params.safe !== false && title && title != "&nbsp;") var safe_title = safe.html(title);
+    if (!params.ishtmlsafe && title && title != "&nbsp;") var safe_title = safe.html(title);
 %><!-- BLOCK_START <%=id%> -->
 <div id="<%=id%>" class="fcltblock" <%=params.hidden? ' style="display:none"' : ''%>>
   <div class="fcltblockhead"><%=(safe_title || title)%>