escape quotes in strings used in HTML forms
diff --git a/xos/core/xoslib/static/js/xoslib/xosHelper.js b/xos/core/xoslib/static/js/xoslib/xosHelper.js
index 2a4f2a2..cef138f 100644
--- a/xos/core/xoslib/static/js/xoslib/xosHelper.js
+++ b/xos/core/xoslib/static/js/xoslib/xosHelper.js
@@ -1154,3 +1154,11 @@
'</select>';
return result;
}
+
+escapeForFormField = function(s) {
+ if (s===undefined) {
+ return "";
+ } else {
+ return s.replace(/"/g,'"')
+ }
+}
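Review bot: `escapeForFormField` escapes only the double quote and guards only `undefined`, so a `null` or numeric attribute reaches `s.replace` and throws, while `&`, `<` and `>` pass into the attribute unchanged. As printed on this page the replacement string is itself a bare `"`, which would make the call a no-op; presumably the entity `&quot;` was decoded when the page was rendered, so confirm that against the file. I would write the body as `if (s == null) { return ""; }` followed by `return String(s).replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");`. The assignment also has no `var`, so it creates an implicit global and would throw under strict mode; `var escapeForFormField = function (s) {` makes the declaration explicit.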
diff --git a/xos/core/xoslib/templates/xosAdmin.html b/xos/core/xoslib/templates/xosAdmin.html
index aa758ae..9760390 100644
--- a/xos/core/xoslib/templates/xosAdmin.html
+++ b/xos/core/xoslib/templates/xosAdmin.html
@@ -174,7 +174,7 @@
<% } else if (fieldName=="backend_status") { %>
<td><%= xosBackendStatusTextTemplate.apply(this, args) %></td>
<% } else { %>
- <td><input type="text" name="<%= fieldName %>" value="<%= model.attributes[fieldName] %>"<%= readOnly %>></td>
+ <td><input type="text" name="<%= fieldName %>" value="<%= escapeForFormField(model.attributes[fieldName]) %>"<%= readOnly %>></td>
<% } %>
<td class="xos-help-cell"><%= helpText[fieldName] %></td>
</tr>
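Review bot: The `value` attribute is still written with the raw `<%= %>` tag, so its safety rests entirely on the hand-written helper, and `name="<%= fieldName %>"` and `<%= helpText[fieldName] %>` in the same row are emitted with no escaping at all. If these are Underscore-style templates, the escaping tag performs the full HTML escape and tolerates null values without a helper: `value="<%- model.attributes[fieldName] %>"`. The if/else chain this branch belongs to begins above the hunk, so the other branches are not covered by this note.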