From 2255c847781c16510a215878ff4058d57ac3c122 Mon Sep 17 00:00:00 2001 From: Alex Tselegidis Date: Wed, 5 Apr 2023 15:38:17 +0200 Subject: [PATCH] Escape the popover title for special HTML characters. --- assets/js/utils/calendar_default_view.js | 2 +- assets/js/utils/calendar_table_view.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/assets/js/utils/calendar_default_view.js b/assets/js/utils/calendar_default_view.js index 8677010e..025a059e 100755 --- a/assets/js/utils/calendar_default_view.js +++ b/assets/js/utils/calendar_default_view.js @@ -734,7 +734,7 @@ App.Utils.CalendarDefaultView = (function () { $target.popover({ placement: 'top', - title: info.event.title, + title: App.Utils.String.escapeHtml(info.event.title), content: $html, html: true, container: '#calendar', diff --git a/assets/js/utils/calendar_table_view.js b/assets/js/utils/calendar_table_view.js index e9b025af..28cacadc 100755 --- a/assets/js/utils/calendar_table_view.js +++ b/assets/js/utils/calendar_table_view.js @@ -1406,7 +1406,7 @@ App.Utils.CalendarTableView = (function () { $target.popover({ placement: 'top', - title: info.event.title, + title: App.Utils.String.escapeHtml(info.event.title), content: $html, html: true, container: '#calendar',