From 1f6e513bac22932bb8b204accf3e8389965e4ac0 Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Mon, 11 Jan 2016 16:36:24 +0100 Subject: [PATCH] Admin User-Bearbeiten-Maske: JavaScript.escape() nicht als Filter aufrufen MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Siehe Commit-Nachricht 70654da für die Begründung. --- templates/webpages/admin/edit_user.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/webpages/admin/edit_user.html b/templates/webpages/admin/edit_user.html index 8b3bde11e..34a01a2de 100644 --- a/templates/webpages/admin/edit_user.html +++ b/templates/webpages/admin/edit_user.html @@ -173,7 +173,7 @@ function submit_delete() { [% SET used_for_task_server_in_clients = SELF.is_user_used_for_task_server(SELF.user) %] [% IF used_for_task_server_in_clients %] - alert('[% LxERP.t8('The user cannot be deleted as it is used in the following clients: #1', used_for_task_server_in_clients) | js %]'); + alert('[% JavaScript.escape(LxERP.t8('The user cannot be deleted as it is used in the following clients: #1', used_for_task_server_in_clients)) %]'); return false; [% ELSE %] submit_with_action('delete_user'); -- 2.20.1