drafts: html escaping für Vorlagen mit single quotes

author Sven Schöling <s.schoeling@linet-services.de>

Tue, 25 Oct 2016 09:27:01 +0000 (11:27 +0200)

committer Moritz Bunkus <m.bunkus@linet-services.de>

Tue, 28 Feb 2017 09:04:33 +0000 (10:04 +0100)
author Sven Schöling <s.schoeling@linet-services.de>
Tue, 25 Oct 2016 09:27:01 +0000 (11:27 +0200)
committer Moritz Bunkus <m.bunkus@linet-services.de>
Tue, 28 Feb 2017 09:04:33 +0000 (10:04 +0100)
diff --git a/templates/webpages/drafts/form.html b/templates/webpages/drafts/form.html

index 031b0a1..4777a7a 100644 (file)
--- a/templates/webpages/drafts/form.html
+++ b/templates/webpages/drafts/form.html
@@ -12,7 +12,7 @@
  [%- END %]
  
  [% L.hidden_tag('', FORM.id, id='new_draft_id') %]
-[% 'Description' | $T8 %]: <input id='new_draft_description' value='[% FORM.description | html %]'>
+[% 'Description' | $T8 %]: [% L.input_tag('new_draft_description', FORM.description) %]
  [% L.button_tag('kivi.Draft.save("' _ HTML.escape(SELF.module) _ '", "' _ HTML.escape(SELF.submodule) _ '")', LxERP.t8('Save draft')) %]
  
  [%- IF drafts_list.size %]
author	Sven Schöling <s.schoeling@linet-services.de>
	Tue, 25 Oct 2016 09:27:01 +0000 (11:27 +0200)
committer	Moritz Bunkus <m.bunkus@linet-services.de>
	Tue, 28 Feb 2017 09:04:33 +0000 (10:04 +0100)