Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-11-03 23:07:32 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add strip_tags to raw JSON in views

Browse Source
This commit is contained in:
Hillel Coren 2017-04-19 20:46:11 +03:00
parent 2f2883d619
commit 0fad27287b
18 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
resources/views/accounts/client_portal.blade.php
View File

@ -372,7 +372,7 @@ iframe.src = '{{ rtrim(SITE_URL ,'/') }}/view/'
<script type="text/javascript"> <script type="text/javascript">
var products = {!! $products !!}; var products = {!! strip_tags(json_encode($products)) !!};
$(function() { $(function() {
var $productSelect = $('select#product'); var $productSelect = $('select#product');

2
resources/views/accounts/invoice_design.blade.php
View File

@ -22,7 +22,7 @@
<script> <script>
var invoiceDesigns = {!! $invoiceDesigns !!}; var invoiceDesigns = {!! $invoiceDesigns !!};
var invoiceFonts = {!! $invoiceFonts !!}; var invoiceFonts = {!! $invoiceFonts !!};
var invoice = {!! json_encode($invoice) !!}; var invoice = {!! strip_tags(json_encode($invoice)) !!};
function getDesignJavascript() { function getDesignJavascript() {
var id = $('#invoice_design_id').val(); var id = $('#invoice_design_id').val();

2
resources/views/accounts/payments.blade.php
View File

@ -200,7 +200,7 @@
<script> <script>
window.onDatatableReady = actionListHandler; window.onDatatableReady = actionListHandler;
var taxRates = {!! $taxRates !!}; var taxRates = {!! strip_tags(json_encode($taxRates)) !!};
var taxRatesMap = {}; var taxRatesMap = {};
for (var i=0; i<taxRates.length; i++) { for (var i=0; i<taxRates.length; i++) {
var taxRate = taxRates[i]; var taxRate = taxRates[i];

2
resources/views/accounts/templates_and_reminders.blade.php
View File

@ -228,7 +228,7 @@
var entityTypes = ['invoice', 'quote', 'payment', 'reminder1', 'reminder2', 'reminder3']; var entityTypes = ['invoice', 'quote', 'payment', 'reminder1', 'reminder2', 'reminder3'];
var stringTypes = ['subject', 'template']; var stringTypes = ['subject', 'template'];
var templates = {!! json_encode($defaultTemplates) !!}; var templates = {!! json_encode($defaultTemplates) !!};
var account = {!! Auth::user()->account !!}; var account = {!! strip_tags(json_encode(Auth::user()->account)) !!};
function refreshPreview() { function refreshPreview() {
for (var i=0; i<entityTypes.length; i++) { for (var i=0; i<entityTypes.length; i++) {

4
resources/views/clients/statement.blade.php
View File

@ -13,8 +13,8 @@
var invoiceDesigns = {!! \App\Models\InvoiceDesign::getDesigns() !!}; var invoiceDesigns = {!! \App\Models\InvoiceDesign::getDesigns() !!};
var invoiceFonts = {!! Cache::get('fonts') !!}; var invoiceFonts = {!! Cache::get('fonts') !!};
var currentInvoice = {!! $invoice !!}; var currentInvoice = {!! strip_tags(json_encode($invoice)) !!};
var invoice = {!! $invoice !!}; var invoice = {!! strip_tags(json_encode($invoice)) !!};
function getPDFString(cb) { function getPDFString(cb) {

2
resources/views/credits/edit.blade.php
View File

@ -58,7 +58,7 @@
<script type="text/javascript"> <script type="text/javascript">
var clients = {!! $clients ?: 'false' !!}; var clients = {!! $clients ? strip_tags(json_encode($clients)) : 'false' !!};
$(function() { $(function() {

2
resources/views/dashboard.blade.php
View File

@ -83,7 +83,7 @@
} }
} }
var account = {!! $account !!}; var account = {!! strip_tags(json_encode($account)) !!};
var chartGroupBy = 'day'; var chartGroupBy = 'day';
var chartCurrencyId = {{ $account->getCurrencyId() }}; var chartCurrencyId = {{ $account->getCurrencyId() }};
var dateRanges = {!! $account->present()->dateRangeOptions !!}; var dateRanges = {!! $account->present()->dateRangeOptions !!};

8
resources/views/expenses/edit.blade.php
View File

@ -247,10 +247,10 @@
<script type="text/javascript"> <script type="text/javascript">
Dropzone.autoDiscover = false; Dropzone.autoDiscover = false;
var vendors = {!! $vendors !!}; var vendors = {!! strip_tags(json_encode($vendors)) !!};
var clients = {!! $clients !!}; var clients = {!! strip_tags(json_encode($clients)) !!};
var categories = {!! $categories !!}; var categories = {!! strip_tags(json_encode($categories)) !!};
var taxRates = {!! $taxRates !!}; var taxRates = {!! strip_tags(json_encode($taxRates)) !!};
var clientMap = {}; var clientMap = {};
var vendorMap = {}; var vendorMap = {};

12
resources/views/invoices/edit.blade.php
View File

@ -839,8 +839,8 @@
<script type="text/javascript"> <script type="text/javascript">
Dropzone.autoDiscover = false; Dropzone.autoDiscover = false;
var products = {!! $products !!}; var products = {!! strip_tags(json_encode($products)) !!};
var clients = {!! $clients !!}; var clients = {!! strip_tags(json_encode($clients)) !!};
var account = {!! Auth::user()->account !!}; var account = {!! Auth::user()->account !!};
var dropzone; var dropzone;
@ -880,7 +880,7 @@
// otherwise create blank model // otherwise create blank model
window.model = new ViewModel(); window.model = new ViewModel();
var invoice = {!! $invoice !!}; var invoice = {!! strip_tags(json_encode($invoice)) !!};
ko.mapping.fromJS(invoice, model.invoice().mapping, model.invoice); ko.mapping.fromJS(invoice, model.invoice().mapping, model.invoice);
model.invoice().is_recurring({{ $invoice->is_recurring ? '1' : '0' }}); model.invoice().is_recurring({{ $invoice->is_recurring ? '1' : '0' }});
model.invoice().start_date_orig(model.invoice().start_date()); model.invoice().start_date_orig(model.invoice().start_date());
@ -898,7 +898,7 @@
@else @else
// set the default account tax rate // set the default account tax rate
@if ($account->invoice_taxes && ! empty($defaultTax)) @if ($account->invoice_taxes && ! empty($defaultTax))
var defaultTax = {!! $defaultTax->toJson() !!}; var defaultTax = {!! strip_tags(json_encode($defaultTax)) !!};
model.invoice().tax_rate1(defaultTax.rate); model.invoice().tax_rate1(defaultTax.rate);
model.invoice().tax_name1(defaultTax.name); model.invoice().tax_name1(defaultTax.name);
@endif @endif
@ -907,7 +907,7 @@
@if (isset($tasks) && $tasks) @if (isset($tasks) && $tasks)
// move the blank invoice line item to the end // move the blank invoice line item to the end
var blank = model.invoice().invoice_items.pop(); var blank = model.invoice().invoice_items.pop();
var tasks = {!! $tasks !!}; var tasks = {!! strip_tags(json_encode($tasks)) !!};
for (var i=0; i<tasks.length; i++) { for (var i=0; i<tasks.length; i++) {
var task = tasks[i]; var task = tasks[i];
@ -926,7 +926,7 @@
// move the blank invoice line item to the end // move the blank invoice line item to the end
var blank = model.invoice().invoice_items.pop(); var blank = model.invoice().invoice_items.pop();
var expenses = {!! $expenses !!} var expenses = {!! strip_tags(json_encode($expenses)) !!}
for (var i=0; i<expenses.length; i++) { for (var i=0; i<expenses.length; i++) {
var expense = expenses[i]; var expense = expenses[i];

4
resources/views/invoices/history.blade.php
View File

@ -13,8 +13,8 @@
var invoiceDesigns = {!! $invoiceDesigns !!}; var invoiceDesigns = {!! $invoiceDesigns !!};
var invoiceFonts = {!! $invoiceFonts !!}; var invoiceFonts = {!! $invoiceFonts !!};
var currentInvoice = {!! $invoice !!}; var currentInvoice = {!! strip_tags(json_encode($invoice)) !!};
var versionsJson = {!! $versionsJson !!}; var versionsJson = {!! strip_tags(json_encode($versionsJson)) !!};
function getPDFString(cb) { function getPDFString(cb) {

4
resources/views/invoices/knockout.blade.php
View File

@ -7,7 +7,7 @@ function ViewModel(data) {
//self.invoice = data ? false : new InvoiceModel(); //self.invoice = data ? false : new InvoiceModel();
self.invoice = ko.observable(data ? false : new InvoiceModel()); self.invoice = ko.observable(data ? false : new InvoiceModel());
self.expense_currency_id = ko.observable(); self.expense_currency_id = ko.observable();
self.products = {!! $products !!}; self.products = {!! strip_tags(json_encode($products)) !!};
self.loadClient = function(client) { self.loadClient = function(client) {
ko.mapping.fromJS(client, model.invoice().client().mapping, model.invoice().client); ko.mapping.fromJS(client, model.invoice().client().mapping, model.invoice().client);
@ -174,7 +174,7 @@ function InvoiceModel(data) {
var self = this; var self = this;
this.client = ko.observable(clientModel); this.client = ko.observable(clientModel);
this.is_public = ko.observable(0); this.is_public = ko.observable(0);
self.account = {!! $account !!}; self.account = {!! strip_tags(json_encode($account)) !!};
self.id = ko.observable(''); self.id = ko.observable('');
self.discount = ko.observable(''); self.discount = ko.observable('');
self.is_amount_discount = ko.observable(0); self.is_amount_discount = ko.observable(0);

2
resources/views/invoices/pdf.blade.php
View File

@ -102,7 +102,7 @@
NINJA.bodyFont = "Roboto"; NINJA.bodyFont = "Roboto";
@endif @endif
var invoiceLabels = {!! json_encode($account->getInvoiceLabels()) !!}; var invoiceLabels = {!! strip_tags(json_encode($account->getInvoiceLabels())) !!};
if (window.invoice) { if (window.invoice) {
//invoiceLabels.item = invoice.has_tasks ? invoiceLabels.date : invoiceLabels.item_orig; //invoiceLabels.item = invoice.has_tasks ? invoiceLabels.date : invoiceLabels.item_orig;

6
resources/views/invoices/view.blade.php
View File

@ -82,7 +82,7 @@
e.preventDefault(); e.preventDefault();
$('#wepay-error').remove(); $('#wepay-error').remove();
var email = {!! json_encode($contact->email) !!} || prompt('{{ trans('texts.ach_email_prompt') }}'); var email = {!! strip_tags(json_encode($contact->email)) !!} || prompt('{{ trans('texts.ach_email_prompt') }}');
if(!email)return; if(!email)return;
WePay.bank_account.create({ WePay.bank_account.create({
@ -174,14 +174,14 @@
@endif @endif
<script type="text/javascript"> <script type="text/javascript">
window.invoice = {!! $invoice->toJson() !!}; window.invoice = {!! strip_tags(json_encode($invoice)) !!};
invoice.features = { invoice.features = {
customize_invoice_design:{{ $invoice->client->account->hasFeature(FEATURE_CUSTOMIZE_INVOICE_DESIGN) ? 'true' : 'false' }}, customize_invoice_design:{{ $invoice->client->account->hasFeature(FEATURE_CUSTOMIZE_INVOICE_DESIGN) ? 'true' : 'false' }},
remove_created_by:{{ $invoice->client->account->hasFeature(FEATURE_REMOVE_CREATED_BY) ? 'true' : 'false' }}, remove_created_by:{{ $invoice->client->account->hasFeature(FEATURE_REMOVE_CREATED_BY) ? 'true' : 'false' }},
invoice_settings:{{ $invoice->client->account->hasFeature(FEATURE_INVOICE_SETTINGS) ? 'true' : 'false' }} invoice_settings:{{ $invoice->client->account->hasFeature(FEATURE_INVOICE_SETTINGS) ? 'true' : 'false' }}
}; };
invoice.is_quote = {{ $invoice->isQuote() ? 'true' : 'false' }}; invoice.is_quote = {{ $invoice->isQuote() ? 'true' : 'false' }};
invoice.contact = {!! $contact->toJson() !!}; invoice.contact = {!! strip_tags(json_encode($contact)) !!};
function getPDFString(cb) { function getPDFString(cb) {
return generatePDF(invoice, invoice.invoice_design.javascript, true, cb); return generatePDF(invoice, invoice.invoice_design.javascript, true, cb);

4
resources/views/payments/edit.blade.php
View File

@ -102,8 +102,8 @@
<script type="text/javascript"> <script type="text/javascript">
var invoices = {!! $invoices !!}; var invoices = {!! strip_tags(json_encode($invoices)) !!};
var clients = {!! $clients !!}; var clients = {!! strip_tags(json_encode($clients)) !!};
$(function() { $(function() {

2
resources/views/payments/paymentmethods_list.blade.php
View File

@ -58,7 +58,7 @@
e.preventDefault(); e.preventDefault();
$('#wepay-error').remove(); $('#wepay-error').remove();
var email = {!! json_encode($contact->email) !!} || prompt('{{ trans('texts.ach_email_prompt') }}'); var email = {!! strip_tags(json_encode($contact->email)) !!} || prompt('{{ trans('texts.ach_email_prompt') }}');
if(!email)return; if(!email)return;
WePay.bank_account.create({ WePay.bank_account.create({

2
resources/views/projects/edit.blade.php
View File

@ -61,7 +61,7 @@
<script> <script>
var clients = {!! $clients !!}; var clients = {!! strip_tags(json_encode($clients)) !!};
$(function() { $(function() {
var $clientSelect = $('select#client_id'); var $clientSelect = $('select#client_id');

2
resources/views/reports/d3.blade.php
View File

@ -60,7 +60,7 @@
<script type="text/javascript"> <script type="text/javascript">
// store data as JSON // store data as JSON
var data = {!! $clients !!}; var data = {!! strip_tags(json_encode($clients)) !!};
_.each(data, function(client) { _.each(data, function(client) {
_.each(client.invoices, function(invoice) { _.each(client.invoices, function(invoice) {

4
resources/views/tasks/edit.blade.php
View File

@ -232,8 +232,8 @@
} }
} }
var clients = {!! $clients !!}; var clients = {!! strip_tags(json_encode($clients)) !!};
var projects = {!! $projects !!}; var projects = {!! strip_tags(json_encode($projects)) !!};
var timeLabels = {}; var timeLabels = {};
@foreach (['hour', 'minute', 'second'] as $period) @foreach (['hour', 'minute', 'second'] as $period)