|
245 | 245 | return table.outerHTML; |
246 | 246 | } |
247 | 247 |
|
| 248 | + function escAttr(s) { |
| 249 | + return String(s ?? '') |
| 250 | + .replaceAll('&', '&') |
| 251 | + .replaceAll('"', '"') |
| 252 | + .replaceAll("'", ''') |
| 253 | + .replaceAll('<', '<') |
| 254 | + .replaceAll('>', '>'); |
| 255 | + } |
| 256 | +
|
248 | 257 | function getInputName(eggId, variableId, name) { |
249 | 258 | let inputName = `eggs_configuration[${eggId}]`; |
250 | 259 | if (variableId && isNaN(variableId) === false) { |
|
260 | 269 | if (options) { |
261 | 270 | return createSelect(value, eggId, options, name); |
262 | 271 | } |
263 | | - return `<input type="text" value="${value}" name="${getInputName(eggId, variableId || 'startup', name)}" class="form-control" onchange="saveEggsConfigurationToHiddenField()">`; |
| 272 | + const v = escAttr(value); |
| 273 | + return `<input type="text" value="${v}" name="${getInputName(eggId, variableId || 'startup', name)}" class="form-control" onchange="saveEggsConfigurationToHiddenField()">`; |
264 | 274 | } |
265 | 275 |
|
266 | 276 | function createCheckbox(checked, eggId, variableId, name) { |
|
277 | 287 | function createSelect(value, eggId, options, name) { |
278 | 288 | let select = `<select name="${getInputName(eggId, 'docker_image', name)}" class="form-control" style="font-size: 14px;" onchange="saveEggsConfigurationToHiddenField()">`; |
279 | 289 | for (const [key, option] of Object.entries(options)) { |
280 | | - select += `<option value="${option}" ${value === key ? 'selected' : ''}>${option}</option>`; |
| 290 | + const optVal = escAttr(option); |
| 291 | + const selected = (value === key) ? 'selected' : ''; |
| 292 | + select += `<option value="${optVal}" ${selected}>${optVal}</option>`; |
281 | 293 | } |
282 | 294 | select += '</select>'; |
283 | 295 | return select; |
284 | | - } |
| 296 | + } |
285 | 297 |
|
286 | 298 | function hasSlotPrices() { |
287 | 299 | let slotPricesContainer = document.querySelector('#Product_slotPrices'); |
|
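Review bot: The `name` attribute is still interpolated unescaped in the `<input>` template at new line 273 and in the `<select>` template at new line 288, so the new `escAttr` covers only `value` and the option text. Most of `getInputName`'s body is outside the visible hunks, but it takes `variableId` and `name`; if either can carry egg-supplied text, wrap the call as `name="${escAttr(getInputName(eggId, variableId || 'startup', name))}"`, and do the same in `createSelect`. Separately, the replacement strings in `escAttr` appear entity-decoded in this rendering (for example `.replaceAll('&', '&')`), so check the raw file to confirm each character maps to its entity and that `&` is replaced first. The function ending at new line 274 starts outside the hunk, so how `value` and `options` reach it cannot be checked from here.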