From: Moritz Bunkus Date: Mon, 11 Jan 2016 15:36:24 +0000 (+0100) Subject: Admin User-Bearbeiten-Maske: JavaScript.escape() nicht als Filter aufrufen X-Git-Tag: release-3.4.1~469 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=1f6e513bac22932bb8b204accf3e8389965e4ac0;p=kivitendo-erp.git Admin User-Bearbeiten-Maske: JavaScript.escape() nicht als Filter aufrufen Siehe Commit-Nachricht 70654da für die Begründung. --- diff --git a/templates/webpages/admin/edit_user.html b/templates/webpages/admin/edit_user.html index 8b3bde11e..34a01a2de 100644 --- a/templates/webpages/admin/edit_user.html +++ b/templates/webpages/admin/edit_user.html @@ -173,7 +173,7 @@ function submit_delete() { [% SET used_for_task_server_in_clients = SELF.is_user_used_for_task_server(SELF.user) %] [% IF used_for_task_server_in_clients %] - alert('[% LxERP.t8('The user cannot be deleted as it is used in the following clients: #1', used_for_task_server_in_clients) | js %]'); + alert('[% JavaScript.escape(LxERP.t8('The user cannot be deleted as it is used in the following clients: #1', used_for_task_server_in_clients)) %]'); return false; [% ELSE %] submit_with_action('delete_user');