author | Matthew Somerville <matthew@mysociety.org> | 2011-07-04 16:47:17 +0100 |
---|---|---|
committer | Matthew Somerville <matthew@mysociety.org> | 2011-07-04 16:47:17 +0100 |
commit | 11b8e01670ed338fa5cdcebba89ebe4f212cf9a7 (patch) | |
tree | e054128d8b74d22bdfed9baf5ccc9d58b54cfb87 /perllib/FixMyStreet/App/View | |
parent | d8ff34ad5e57eae9faa2aaa909298fb4ffe26412 (diff) |
Escape JS string better.
Diffstat (limited to 'perllib/FixMyStreet/App/View')
-rw-r--r-- | perllib/FixMyStreet/App/View/Web.pm | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/View/Web.pm b/perllib/FixMyStreet/App/View/Web.pm
index 358e280c3..df2d0ac20 100644
--- a/perllib/FixMyStreet/App/View/Web.pm
+++ b/perllib/FixMyStreet/App/View/Web.pm
@@ -21,6 +21,9 @@ __PACKAGE__->config(
 'loc', 'nget', 'tprintf', 'display_crosssell_advert', 'prettify_epoch', 'add_links', ],
+ FILTERS => {
+ escape_js => \&escape_js,
+ },
 );
 =head1 NAME
@@ -120,5 +123,24 @@ sub add_links {
 return $text; }
+=head2 escape_js
+
+Used to escape strings that are going to be put inside JavaScript.
+
+=cut
+
+sub escape_js {
+ my $text = shift;
+ my %lookup = (
+ '\\' => 'u005c',
+ '"' => 'u0022',
+ "'" => 'u0027',
+ '<' => 'u003c',
+ '>' => 'u003e',
+ );
+ $text =~ s/([\\"'<>])/\\$lookup{$1}/g;
+ return $text;
+}
+
 1; |
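Review bot: The character class in `escape_js` leaves `&`, CR/LF and U+2028/U+2029 unescaped, so the filter is only sufficient for a quoted string literal inside a `<script>` block. If a template ever applies it inside an event-handler attribute (not visible in this diff), the HTML parser decodes an entity such as `&#39;` back into a quote before the script runs, and a raw line terminator in the value breaks the literal in any context. Replacing the lookup table with `$text =~ s/([\\"'<>&\r\n\x{2028}\x{2029}])/sprintf('\\u%04x', ord $1)/ge;` covers these and keeps the same `\uXXXX` output; the last two code points only match if `$text` is a decoded character string, which should be confirmed. The POD should also name the intended context, e.g. `Only safe inside a quoted JavaScript string literal.`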