Revert "Excape HTML (where needed, for bootbox) (references #996)"

This reverts commit 0df2590de27c60c18b7db6e056347bd2aff5a887. Revert "Excape shopping list item notes (references #996)" This reverts commit 0624b0df594a4353ef25e6b1874565ea52ce7772.
2025-04-29 09:39:57 +00:00 · 2020-10-14 22:58:26 +02:00 · 2020-10-14 22:58:26 +02:00 · 08644f95bf
commit 08644f95bf
parent c11001467b
20 changed files with 28 additions and 32 deletions
--- a/public/js/extensions.js
+++ b/public/js/extensions.js
@ -195,8 +195,3 @@ function getQRCodeForAPIKey(apikey_type, apikey_key)
 	}
 	return getQRCodeForContent(content);
 }
 function SanitizeHtml(input)
 {
 	return $("<div/>").text(input).html();
 }
--- a/public/viewjs/batteries.js
+++ b/public/viewjs/batteries.js
@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.battery-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-battery-name'));
+	var objectName = $(e.currentTarget).attr('data-battery-name');
 	var objectId = $(e.currentTarget).attr('data-battery-id');
 	bootbox.confirm({
--- a/public/viewjs/chores.js
+++ b/public/viewjs/chores.js
@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.chore-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-chore-name'));
+	var objectName = $(e.currentTarget).attr('data-chore-name');
 	var objectId = $(e.currentTarget).attr('data-chore-id');
 	bootbox.confirm({
--- a/public/viewjs/components/productpicker.js
+++ b/public/viewjs/components/productpicker.js
@ -162,7 +162,7 @@ $('#product_id_text_input').on('blur', function(e)
 			Grocy.Components.ProductPicker.PopupOpen = true;
 			bootbox.dialog({
-				message: __t('"%s" could not be resolved to a product, how do you want to proceed?', SanitizeHtml(input)),
+				message: __t('"%s" could not be resolved to a product, how do you want to proceed?', input),
 				title: __t('Create or assign product'),
 				onEscape: function()
 				{
--- a/public/viewjs/equipment.js
+++ b/public/viewjs/equipment.js
@ -68,7 +68,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.equipment-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-equipment-name'));
+	var objectName = $(e.currentTarget).attr('data-equipment-name');
 	var objectId = $(e.currentTarget).attr('data-equipment-id');
 	bootbox.confirm({
--- a/public/viewjs/locations.js
+++ b/public/viewjs/locations.js
@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.location-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-location-name'));
+	var objectName = $(e.currentTarget).attr('data-location-name');
 	var objectId = $(e.currentTarget).attr('data-location-id');
 	bootbox.confirm({
--- a/public/viewjs/mealplan.js
+++ b/public/viewjs/mealplan.js
@ -563,7 +563,7 @@ $(document).on('click', '.recipe-order-missing-button', function(e)
 	// to prevent that the tooltip stays until clicked anywhere else
 	document.activeElement.blur();
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
+	var objectName = $(e.currentTarget).attr('data-recipe-name');
 	var objectId = $(e.currentTarget).attr('data-recipe-id');
 	var button = $(this);
 	var servings = $(e.currentTarget).attr('data-mealplan-servings');
@ -667,7 +667,7 @@ $(document).on('click', '.recipe-consume-button', function(e)
 	// to prevent that the tooltip stays until clicked anywhere else
 	document.activeElement.blur();
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
+	var objectName = $(e.currentTarget).attr('data-recipe-name');
 	var objectId = $(e.currentTarget).attr('data-recipe-id');
 	var servings = $(e.currentTarget).attr('data-mealplan-servings');
--- a/public/viewjs/productgroups.js
+++ b/public/viewjs/productgroups.js
@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.product-group-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-group-name'));
+	var objectName = $(e.currentTarget).attr('data-group-name');
 	var objectId = $(e.currentTarget).attr('data-group-id');
 	bootbox.confirm({
--- a/public/viewjs/products.js
+++ b/public/viewjs/products.js
@ -38,7 +38,7 @@ if (typeof GetUriParam("product-group") !== "undefined")
 $(document).on('click', '.product-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-product-name'));
+	var objectName = $(e.currentTarget).attr('data-product-name');
 	var objectId = $(e.currentTarget).attr('data-product-id');
 	Grocy.Api.Get('stock/products/' + objectId,
--- a/public/viewjs/quantityunits.js
+++ b/public/viewjs/quantityunits.js
@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.quantityunit-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-quantityunit-name'));
+	var objectName = $(e.currentTarget).attr('data-quantityunit-name');
 	var objectId = $(e.currentTarget).attr('data-quantityunit-id');
 	bootbox.confirm({
--- a/public/viewjs/recipeform.js
+++ b/public/viewjs/recipeform.js
@ -126,7 +126,7 @@ $('#recipe-form input').keydown(function(event)
 $(document).on('click', '.recipe-pos-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-pos-name'));
+	var objectName = $(e.currentTarget).attr('data-recipe-pos-name');
 	var objectId = $(e.currentTarget).attr('data-recipe-pos-id');
 	bootbox.confirm({
@ -163,7 +163,7 @@ $(document).on('click', '.recipe-pos-delete-button', function(e)
 $(document).on('click', '.recipe-include-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-include-name'));
+	var objectName = $(e.currentTarget).attr('data-recipe-include-name');
 	var objectId = $(e.currentTarget).attr('data-recipe-include-id');
 	bootbox.confirm({
@ -200,7 +200,7 @@ $(document).on('click', '.recipe-include-delete-button', function(e)
 $(document).on('click', '.recipe-pos-show-note-button', function(e)
 {
-	var note = SanitizeHtml($(e.currentTarget).attr('data-recipe-pos-note'));
+	var note = $(e.currentTarget).attr('data-recipe-pos-note');
 	bootbox.alert(note);
 });
--- a/public/viewjs/recipes.js
+++ b/public/viewjs/recipes.js
@ -98,7 +98,7 @@ $(".recipe-delete").on('click', function(e)
 {
 	e.preventDefault();
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
+	var objectName = $(e.currentTarget).attr('data-recipe-name');
 	var objectId = $(e.currentTarget).attr('data-recipe-id');
 	bootbox.confirm({
@ -135,7 +135,7 @@ $(".recipe-delete").on('click', function(e)
 $(document).on('click', '.recipe-shopping-list', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
+	var objectName = $(e.currentTarget).attr('data-recipe-name');
 	var objectId = $(e.currentTarget).attr('data-recipe-id');
 	bootbox.confirm({
@ -181,7 +181,7 @@ $(document).on('click', '.recipe-shopping-list', function(e)
 $(".recipe-consume").on('click', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
+	var objectName = $(e.currentTarget).attr('data-recipe-name');
 	var objectId = $(e.currentTarget).attr('data-recipe-id');
 	bootbox.confirm({
--- a/public/viewjs/shoppinglist.js
+++ b/public/viewjs/shoppinglist.js
@ -77,7 +77,7 @@ $(".status-filter-message").on("click", function()
 $("#delete-selected-shopping-list").on("click", function()
 {
-	var objectName = SanitizeHtml($("#selected-shopping-list option:selected").text());
+	var objectName = $("#selected-shopping-list option:selected").text();
 	var objectId = $("#selected-shopping-list").val();
 	bootbox.confirm({
@ -172,7 +172,7 @@ $(document).on('click', '#add-expired-products', function(e)
 $(document).on('click', '#clear-shopping-list', function(e)
 {
 	bootbox.confirm({
-		message: __t('Are you sure to empty shopping list "%s"?', SanitizeHtml($("#selected-shopping-list option:selected").text())),
+		message: __t('Are you sure to empty shopping list "%s"?', $("#selected-shopping-list option:selected").text()),
 		closeButton: false,
 		buttons: {
 			confirm: {
--- a/public/viewjs/shoppinglocations.js
+++ b/public/viewjs/shoppinglocations.js
@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.shoppinglocation-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-shoppinglocation-name'));
+	var objectName = $(e.currentTarget).attr('data-shoppinglocation-name');
 	var objectId = $(e.currentTarget).attr('data-shoppinglocation-id');
 	bootbox.confirm({
--- a/public/viewjs/taskcategories.js
+++ b/public/viewjs/taskcategories.js
@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.task-category-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-category-name'));
+	var objectName = $(e.currentTarget).attr('data-category-name');
 	var objectId = $(e.currentTarget).attr('data-category-id');
 	bootbox.confirm({
--- a/public/viewjs/tasks.js
+++ b/public/viewjs/tasks.js
@ -119,7 +119,7 @@ $(document).on('click', '.delete-task-button', function(e)
 {
 	e.preventDefault();
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-task-name'));
+	var objectName = $(e.currentTarget).attr('data-task-name');
 	var objectId = $(e.currentTarget).attr('data-task-id');
 	bootbox.confirm({
--- a/public/viewjs/userentities.js
+++ b/public/viewjs/userentities.js
@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.userentity-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-userentity-name'));
+	var objectName = $(e.currentTarget).attr('data-userentity-name');
 	var objectId = $(e.currentTarget).attr('data-userentity-id');
 	bootbox.confirm({
--- a/public/viewjs/userfields.js
+++ b/public/viewjs/userfields.js
@ -33,7 +33,7 @@ $("#entity-filter").on("change", function()
 $(document).on('click', '.userfield-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-userfield-name'));
+	var objectName = $(e.currentTarget).attr('data-userfield-name');
 	var objectId = $(e.currentTarget).attr('data-userfield-id');
 	bootbox.confirm({
--- a/public/viewjs/users.js
+++ b/public/viewjs/users.js
@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
 $(document).on('click', '.user-delete-button', function(e)
 {
-	var objectName = SanitizeHtml($(e.currentTarget).attr('data-user-username'));
+	var objectName = $(e.currentTarget).attr('data-user-username');
 	var objectId = $(e.currentTarget).attr('data-user-id');
 	bootbox.confirm({
--- a/views/shoppinglist.blade.php
+++ b/views/shoppinglist.blade.php
@ -121,7 +121,8 @@
 			<select class="form-control"
 				id="status-filter">
 				<option value="all">{{ $__t('All') }}</option>
-				<option class="@if(!GROCY_FEATURE_FLAG_STOCK) d-none @endif" value="belowminstockamount">{{ $__t('Below min. stock amount') }}</option>
+				<option class="@if(!GROCY_FEATURE_FLAG_STOCK) d-none @endif"
 					value="belowminstockamount">{{ $__t('Below min. stock amount') }}</option>
 				<option value="xxUNDONExx">{{ $__t('Only undone items') }}</option>
 			</select>
 		</div>
@ -195,7 +196,7 @@
 						</a>
 					</td>
 					<td>
-						@if(!empty($listItem->product_id)) {{ FindObjectInArrayByPropertyValue($products, 'id', $listItem->product_id)->name }}<br>@endif<em>{!! nl2br(e($listItem->note)) !!}</em>
+						@if(!empty($listItem->product_id)) {{ FindObjectInArrayByPropertyValue($products, 'id', $listItem->product_id)->name }}<br>@endif<em>{!! nl2br($listItem->note) !!}</em>
 					</td>
 					<td>
 						<span class="locale-number locale-number-quantity-amount">{{ $listItem->amount }}</span> @if(!empty($listItem->product_id)){{ $__n($listItem->amount, FindObjectInArrayByPropertyValue($quantityunits, 'id', FindObjectInArrayByPropertyValue($products, 'id', $listItem->product_id)->qu_id_purchase)->name, FindObjectInArrayByPropertyValue($quantityunits, 'id', FindObjectInArrayByPropertyValue($products, 'id', $listItem->product_id)->qu_id_purchase)->name_plural) }}@endif
@ -301,7 +302,7 @@
 					@foreach($listItems as $listItem)
 					<tr>
 						<td>
-							@if(!empty($listItem->product_id)) {{ FindObjectInArrayByPropertyValue($products, 'id', $listItem->product_id)->name }}<br>@endif<em>{!! nl2br(e($listItem->note)) !!}</em>
+							@if(!empty($listItem->product_id)) {{ FindObjectInArrayByPropertyValue($products, 'id', $listItem->product_id)->name }}<br>@endif<em>{!! nl2br($listItem->note) !!}</em>
 						</td>
 						<td>
 							{{ $listItem->amount }} @if(!empty($listItem->product_id)){{ $__n($listItem->amount, FindObjectInArrayByPropertyValue($quantityunits, 'id', FindObjectInArrayByPropertyValue($products, 'id', $listItem->product_id)->qu_id_purchase)->name, FindObjectInArrayByPropertyValue($quantityunits, 'id', FindObjectInArrayByPropertyValue($products, 'id', $listItem->product_id)->qu_id_purchase)->name_plural) }}@endif