escape quotes in strings used in HTML forms

commit: 5ccbff4eb66ec204706a8ec2f6f14c80dd2ecfe6 [log] [tgz]
author: Scott Baker <smbaker@gmail.com> Wed Apr 01 15:39:29 2015 -0700
committer: Scott Baker <smbaker@gmail.com> Wed Apr 01 15:39:29 2015 -0700
tree: b583e1f0ad902e6db74a04362cf0c0be7b986f2d
parent: d9a2c6ed11f9f7980a50367adc8b00add4cd351a [diff]
diff --git a/xos/core/xoslib/static/js/xoslib/xosHelper.js b/xos/core/xoslib/static/js/xoslib/xosHelper.js
index 2a4f2a2..cef138f 100644
--- a/xos/core/xoslib/static/js/xoslib/xosHelper.js
+++ b/xos/core/xoslib/static/js/xoslib/xosHelper.js

@@ -1154,3 +1154,11 @@
              '</select>';
     return result;
 }
+
+escapeForFormField = function(s) {
+    if (s===undefined) {
+        return "";
+    } else {
+        return s.replace(/"/g,'&quot;')
+    }
+}

diff --git a/xos/core/xoslib/templates/xosAdmin.html b/xos/core/xoslib/templates/xosAdmin.html
index aa758ae..9760390 100644
--- a/xos/core/xoslib/templates/xosAdmin.html
+++ b/xos/core/xoslib/templates/xosAdmin.html

@@ -174,7 +174,7 @@
         <% } else if (fieldName=="backend_status") { %>

             <td><%= xosBackendStatusTextTemplate.apply(this, args) %></td>

         <% } else { %>

-            <td><input type="text" name="<%= fieldName %>" value="<%= model.attributes[fieldName] %>"<%= readOnly %>></td>

+            <td><input type="text" name="<%= fieldName %>" value="<%= escapeForFormField(model.attributes[fieldName]) %>"<%= readOnly %>></td>

         <% } %>

         <td  class="xos-help-cell"><%= helpText[fieldName] %></td>

      </tr>
commit	5ccbff4eb66ec204706a8ec2f6f14c80dd2ecfe6	[log] [tgz]
author	Scott Baker <smbaker@gmail.com>	Wed Apr 01 15:39:29 2015 -0700
committer	Scott Baker <smbaker@gmail.com>	Wed Apr 01 15:39:29 2015 -0700
tree	b583e1f0ad902e6db74a04362cf0c0be7b986f2d
parent	d9a2c6ed11f9f7980a50367adc8b00add4cd351a [diff]