X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FPresenter%2FEscapedText.pm;h=ca3c8ca62f297c83bfc34a290aea3ab4bf5af80d;hb=9b039e37be3108c90d20d4db36f0a9a54400c800;hp=2fc04fdeb80c087f9d98e18e4030b2b906ec909e;hpb=0e5e350124f7eec8f67109fe4777bc2dae6c0ea6;p=kivitendo-erp.git

diff --git a/SL/Presenter/EscapedText.pm b/SL/Presenter/EscapedText.pm
index 2fc04fdeb..ca3c8ca62 100644
--- a/SL/Presenter/EscapedText.pm
+++ b/SL/Presenter/EscapedText.pm
@@ -10,6 +10,14 @@ use JSON ();
 
 use overload '""' => \&escaped_text;
 
+my %html_entities = (
+  '<' => '&lt;',
+  '>' => '&gt;',
+  '&' => '&amp;',
+  '"' => '&quot;',
+  "'" => '&apos;',
+);
+
 # static constructors
 sub new {
   my ($class, %params) = @_;
@@ -17,11 +25,17 @@ sub new {
   return $params{text} if ref($params{text}) eq $class;
 
   my $self      = bless {}, $class;
-  $self->{text} = $params{is_escaped} ? $params{text} : $::locale->quote_special_chars('HTML', $params{text});
+  $self->{text} = $params{is_escaped} ? $params{text} : quote_html($params{text});
 
   return $self;
 }
 
+sub quote_html {
+  return undef unless defined $_[0];
+  (my $x = $_[0]) =~ s/(["'<>&])/$html_entities{$1}/ge;
+  $x
+}
+
 sub escape {
   __PACKAGE__->new(text => $_[0]);
 }