Escape data attributes in template.

This fixes a bug whereby a double quote in an item would not be JSON-escaped due to being HTML-escaped first, meaning it would not parse as JSON on the client.
author: Matthew Somerville <matthew-github@dracos.co.uk> 2018-05-22 11:14:54 +0100
committer: Matthew Somerville <matthew-github@dracos.co.uk> 2018-05-23 13:45:54 +0100
commit: 6150cdcb32474102370a4be4d730ca55c1a74e7e (patch)
tree: abe6bef0b6803fdf592793a3a312d1b91bb579d7 /web
parent: 1c8249e4b9a7199cad448de3eeb8e1c6b0fb7f1f (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/web/cobrands/fixmystreet/staff.js b/web/cobrands/fixmystreet/staff.js
index 134f57a7f..0dd635437 100644
--- a/web/cobrands/fixmystreet/staff.js
+++ b/web/cobrands/fixmystreet/staff.js
@@ -232,6 +232,9 @@ $.extend(fixmystreet.set_up, {
         opts.state = opts.state || $inspect_form.find('[name=state]').val();
         var selector = "[data-category='" + opts.category + "']";
         var data = $inspect_form.find(selector).data('templates') || [];
+        if (data.constructor !== Array) {
+          return;
+        }
         data = $.grep(data, function(d, i) {
             if (!d.state || d.state == opts.state) {
                 return true;
@@ -243,6 +246,9 @@ $.extend(fixmystreet.set_up, {
 
     function populateSelect($select, data, label_formatter) {
       $select.find('option:gt(0)').remove();
+      if (data.constructor !== Array) {
+        return;
+      }
       $.each(data, function(k,v) {
         var label = window.fixmystreet.utils[label_formatter](v);
         var $opt = $('<option></option>').attr('value', v.id).text(label);
author	Matthew Somerville <matthew-github@dracos.co.uk>	2018-05-22 11:14:54 +0100
committer	Matthew Somerville <matthew-github@dracos.co.uk>	2018-05-23 13:45:54 +0100
commit	6150cdcb32474102370a4be4d730ca55c1a74e7e (patch)
tree	abe6bef0b6803fdf592793a3a312d1b91bb579d7 /web
parent	1c8249e4b9a7199cad448de3eeb8e1c6b0fb7f1f (diff)