diff options
Diffstat (limited to 'perllib/FixMyStreet')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Around.pm | 2 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/View/Web.pm | 21 |
2 files changed, 22 insertions, 1 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Around.pm b/perllib/FixMyStreet/App/Controller/Around.pm index c93ca7334..0f871508e 100644 --- a/perllib/FixMyStreet/App/Controller/Around.pm +++ b/perllib/FixMyStreet/App/Controller/Around.pm @@ -269,7 +269,7 @@ sub ajax : Path('/ajax') { ); # JSON encode the response - my $body = JSON->new->utf8(1)->pretty(1)->encode( + my $body = JSON->new->utf8(1)->encode( { pins => $pins, current => $on_map_list_html, diff --git a/perllib/FixMyStreet/App/View/Web.pm b/perllib/FixMyStreet/App/View/Web.pm index 44f80e375..5579d0d53 100644 --- a/perllib/FixMyStreet/App/View/Web.pm +++ b/perllib/FixMyStreet/App/View/Web.pm @@ -23,6 +23,7 @@ __PACKAGE__->config( ], FILTERS => { escape_js => \&escape_js, + html => \&html_filter, }, COMPILE_EXT => '.ttc', STAT_TTL => FixMyStreet->config('STAGING_SITE') ? 1 : 86400, @@ -144,5 +145,25 @@ sub escape_js { return $text; } +=head2 html_filter + +Same as Template Toolkit's html_filter, but escapes ' too, as we don't (and +shouldn't have to) know whether we'll be used inbetween single or double +quotes. + +=cut + +sub html_filter { + my $text = shift; + for ($text) { + s/&/&/g; + s/</</g; + s/>/>/g; + s/"/"/g; + s/'/'/g; + } + return $text; +} + 1; |