Bug 25279: HTML escape cells

This patch makes HTML entities be escaped. It is done in a simple way.
We need to explore ways to do it at datatables.js level but it deserves
its own bug.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt
index 445d839..f25a6e8 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt
@@ -183,6 +183,15 @@
                 },
                 'dom': 'C<"top pager"ilpfB><"#filter_c">tr<"bottom pager"ip>',
                 "order": [[ 1, "asc" ]],
+                "columnDefs": [ {
+                    "targets": [0,1,2,3,4],
+                    "render": function (data, type, row, meta) {
+                        if ( type == 'display' ) {
+                            return $('<div />').text(data).html();
+                        }
+                        return data;
+                    }
+                } ],
                 "columns": [
                     {
                         "data": "city_id",