Sanitize JS string fort alert()

ymollard · ymollard · commit a66e1d8f14a9 · 2024-10-18T20:34:25.000+02:00
diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php
@@ -597,7 +597,7 @@ function CloseBill() {
 	if (!empty($conf->global->TAKEPOS_FORBID_SALES_TO_DEFAULT_CUSTOMER)) {
 		echo "customerAnchorTag = document.querySelector('a[id=\"customer\"]'); ";
 		echo "if (customerAnchorTag && customerAnchorTag.innerText.trim() === '".$langs->trans("Customer")."') { ";
-		echo "alert('".$langs->trans("NoClientErrorMessage")."'); ";
+		echo "alert('".dol_escape_js($langs->trans("NoClientErrorMessage"))."'); ";
 		echo "return; } \n";
 	}
 	?>

Original file line number	Diff line number	Diff line change
`@@ -597,7 +597,7 @@ function CloseBill() {`
`597`	`597`	`if (!empty($conf->global->TAKEPOS_FORBID_SALES_TO_DEFAULT_CUSTOMER)) {`
`598`	`598`	`echo "customerAnchorTag = document.querySelector('a[id=\"customer\"]'); ";`
`599`	`599`	`echo "if (customerAnchorTag && customerAnchorTag.innerText.trim() === '".$langs->trans("Customer")."') { ";`
`600`		`- echo "alert('".$langs->trans("NoClientErrorMessage")."'); ";`
	`600`	`+ echo "alert('".dol_escape_js($langs->trans("NoClientErrorMessage"))."'); ";`
`601`	`601`	`echo "return; } \n";`
`602`	`602`	`}`
`603`	`603`	`?>`