Presenter::EscapedText: quote_html nicht über $::locale laufen lassen

[kivitendo-erp.git] / SL / Presenter / EscapedText.pm

diff --git a/SL/Presenter/EscapedText.pm b/SL/Presenter/EscapedText.pm
index 2fc04fd..ca3c8ca 100644 (file)
--- a/SL/Presenter/EscapedText.pm
+++ b/SL/Presenter/EscapedText.pm
@@ -10,6 +10,14 @@ use JSON ();
 
 use overload '""' => \&escaped_text;
 
+my %html_entities = (
+  '<' => '&lt;',
+  '>' => '&gt;',
+  '&' => '&amp;',
+  '"' => '&quot;',
+  "'" => '&apos;',
+);
+
 # static constructors
 sub new {
   my ($class, %params) = @_;
@@ -17,11 +25,17 @@ sub new {
   return $params{text} if ref($params{text}) eq $class;
 
   my $self      = bless {}, $class;
-  $self->{text} = $params{is_escaped} ? $params{text} : $::locale->quote_special_chars('HTML', $params{text});
+  $self->{text} = $params{is_escaped} ? $params{text} : quote_html($params{text});
 
   return $self;
 }
 
+sub quote_html {
+  return undef unless defined $_[0];
+  (my $x = $_[0]) =~ s/(["'<>&])/$html_entities{$1}/ge;
+  $x
+}
+
 sub escape {
   __PACKAGE__->new(text => $_[0]);
 }