Add strip_tags to raw JSON in views

2025-11-02 22:57:33 -05:00 · 2017-04-19 20:46:11 +03:00 · 2017-04-19 20:46:11 +03:00 · 0fad27287b
commit 0fad27287b
parent 2f2883d619
18 changed files with 34 additions and 34 deletions
--- a/resources/views/accounts/client_portal.blade.php
+++ b/resources/views/accounts/client_portal.blade.php
@ -372,7 +372,7 @@ iframe.src = '{{ rtrim(SITE_URL ,'/') }}/view/'

 <script type="text/javascript">

-    var products = {!! $products !!};
+    var products = {!! strip_tags(json_encode($products)) !!};

    $(function() {
        var $productSelect = $('select#product');
--- a/resources/views/accounts/invoice_design.blade.php
+++ b/resources/views/accounts/invoice_design.blade.php
@ -22,7 +22,7 @@
  <script>
    var invoiceDesigns = {!! $invoiceDesigns !!};
    var invoiceFonts = {!! $invoiceFonts !!};
-    var invoice = {!! json_encode($invoice) !!};
+    var invoice = {!! strip_tags(json_encode($invoice)) !!};

    function getDesignJavascript() {
      var id = $('#invoice_design_id').val();
--- a/resources/views/accounts/payments.blade.php
+++ b/resources/views/accounts/payments.blade.php
@ -35,7 +35,7 @@
            {!! Former::actions( Button::success(trans('texts.save'))->withAttributes(['id' => 'formSave'])->submit()->appendIcon(Icon::create('floppy-disk')) ) !!}
        </div>
    </div>
-	
+
    {!! Former::close() !!}

  @if ($showAdd)
@ -200,7 +200,7 @@
  <script>
    window.onDatatableReady = actionListHandler;

-	var taxRates = {!! $taxRates !!};
+	var taxRates = {!! strip_tags(json_encode($taxRates)) !!};
 	var taxRatesMap = {};
 	for (var i=0; i<taxRates.length; i++) {
 		var taxRate = taxRates[i];
--- a/resources/views/accounts/templates_and_reminders.blade.php
+++ b/resources/views/accounts/templates_and_reminders.blade.php
@ -228,7 +228,7 @@
        var entityTypes = ['invoice', 'quote', 'payment', 'reminder1', 'reminder2', 'reminder3'];
        var stringTypes = ['subject', 'template'];
        var templates = {!! json_encode($defaultTemplates) !!};
-        var account = {!! Auth::user()->account !!};
+        var account = {!! strip_tags(json_encode(Auth::user()->account)) !!};

        function refreshPreview() {
            for (var i=0; i<entityTypes.length; i++) {
--- a/resources/views/clients/statement.blade.php
+++ b/resources/views/clients/statement.blade.php
@ -13,8 +13,8 @@

        var invoiceDesigns = {!! \App\Models\InvoiceDesign::getDesigns() !!};
        var invoiceFonts = {!! Cache::get('fonts') !!};
-        var currentInvoice = {!! $invoice !!};
-        var invoice = {!! $invoice !!};
+        var currentInvoice = {!! strip_tags(json_encode($invoice)) !!};
+        var invoice = {!! strip_tags(json_encode($invoice)) !!};

        function getPDFString(cb) {

--- a/resources/views/credits/edit.blade.php
+++ b/resources/views/credits/edit.blade.php
@ -58,7 +58,7 @@
 	<script type="text/javascript">


-	var clients = {!! $clients ?: 'false' !!};
+	var clients = {!! $clients ? strip_tags(json_encode($clients)) : 'false' !!};

 	$(function() {

--- a/resources/views/dashboard.blade.php
+++ b/resources/views/dashboard.blade.php
@ -83,7 +83,7 @@
            }
        }

-        var account = {!! $account !!};
+        var account = {!! strip_tags(json_encode($account)) !!};
        var chartGroupBy = 'day';
        var chartCurrencyId = {{ $account->getCurrencyId() }};
 		var dateRanges = {!! $account->present()->dateRangeOptions !!};
--- a/resources/views/expenses/edit.blade.php
+++ b/resources/views/expenses/edit.blade.php
@ -247,10 +247,10 @@
    <script type="text/javascript">
        Dropzone.autoDiscover = false;

-        var vendors = {!! $vendors !!};
-        var clients = {!! $clients !!};
-        var categories = {!! $categories !!};
-        var taxRates = {!! $taxRates !!};
+        var vendors = {!! strip_tags(json_encode($vendors)) !!};
+        var clients = {!! strip_tags(json_encode($clients)) !!};
+        var categories = {!! strip_tags(json_encode($categories)) !!};
+        var taxRates = {!! strip_tags(json_encode($taxRates)) !!};

        var clientMap = {};
        var vendorMap = {};
--- a/resources/views/invoices/edit.blade.php
+++ b/resources/views/invoices/edit.blade.php
@ -839,8 +839,8 @@
 	<script type="text/javascript">
    Dropzone.autoDiscover = false;

-    var products = {!! $products !!};
-    var clients = {!! $clients !!};
+    var products = {!! strip_tags(json_encode($products)) !!};
+	var clients = {!! strip_tags(json_encode($clients)) !!};
    var account = {!! Auth::user()->account !!};
    var dropzone;

@ -880,7 +880,7 @@
            // otherwise create blank model
            window.model = new ViewModel();

-            var invoice = {!! $invoice !!};
+            var invoice = {!! strip_tags(json_encode($invoice)) !!};
            ko.mapping.fromJS(invoice, model.invoice().mapping, model.invoice);
            model.invoice().is_recurring({{ $invoice->is_recurring ? '1' : '0' }});
            model.invoice().start_date_orig(model.invoice().start_date());
@ -898,7 +898,7 @@
            @else
                // set the default account tax rate
                @if ($account->invoice_taxes && ! empty($defaultTax))
-                    var defaultTax = {!! $defaultTax->toJson() !!};
+                    var defaultTax = {!! strip_tags(json_encode($defaultTax)) !!};
                    model.invoice().tax_rate1(defaultTax.rate);
                    model.invoice().tax_name1(defaultTax.name);
                @endif
@ -907,7 +907,7 @@
            @if (isset($tasks) && $tasks)
                // move the blank invoice line item to the end
                var blank = model.invoice().invoice_items.pop();
-                var tasks = {!! $tasks !!};
+                var tasks = {!! strip_tags(json_encode($tasks)) !!};

                for (var i=0; i<tasks.length; i++) {
                    var task = tasks[i];
@ -926,7 +926,7 @@

                // move the blank invoice line item to the end
                var blank = model.invoice().invoice_items.pop();
-                var expenses = {!! $expenses !!}
+                var expenses = {!! strip_tags(json_encode($expenses)) !!}

                for (var i=0; i<expenses.length; i++) {
                    var expense = expenses[i];
--- a/resources/views/invoices/history.blade.php
+++ b/resources/views/invoices/history.blade.php
@ -13,8 +13,8 @@

    var invoiceDesigns = {!! $invoiceDesigns !!};
    var invoiceFonts = {!! $invoiceFonts !!};
-    var currentInvoice = {!! $invoice !!};
-    var versionsJson = {!! $versionsJson !!};
+    var currentInvoice = {!! strip_tags(json_encode($invoice)) !!};
+    var versionsJson = {!! strip_tags(json_encode($versionsJson)) !!};

    function getPDFString(cb) {

--- a/resources/views/invoices/knockout.blade.php
+++ b/resources/views/invoices/knockout.blade.php
@ -7,7 +7,7 @@ function ViewModel(data) {
    //self.invoice = data ? false : new InvoiceModel();
    self.invoice = ko.observable(data ? false : new InvoiceModel());
    self.expense_currency_id = ko.observable();
-    self.products = {!! $products !!};
+    self.products = {!! strip_tags(json_encode($products)) !!};

    self.loadClient = function(client) {
        ko.mapping.fromJS(client, model.invoice().client().mapping, model.invoice().client);
@ -174,7 +174,7 @@ function InvoiceModel(data) {
    var self = this;
    this.client = ko.observable(clientModel);
    this.is_public = ko.observable(0);
-    self.account = {!! $account !!};
+    self.account = {!! strip_tags(json_encode($account)) !!};
    self.id = ko.observable('');
    self.discount = ko.observable('');
    self.is_amount_discount = ko.observable(0);
--- a/resources/views/invoices/pdf.blade.php
+++ b/resources/views/invoices/pdf.blade.php
@ -102,7 +102,7 @@
      NINJA.bodyFont = "Roboto";
  @endif

-  var invoiceLabels = {!! json_encode($account->getInvoiceLabels()) !!};
+  var invoiceLabels = {!! strip_tags(json_encode($account->getInvoiceLabels())) !!};

  if (window.invoice) {
    //invoiceLabels.item = invoice.has_tasks ? invoiceLabels.date : invoiceLabels.item_orig;
--- a/resources/views/invoices/view.blade.php
+++ b/resources/views/invoices/view.blade.php
@ -82,7 +82,7 @@
                    e.preventDefault();

                    $('#wepay-error').remove();
-                    var email = {!! json_encode($contact->email) !!} || prompt('{{ trans('texts.ach_email_prompt') }}');
+                    var email = {!! strip_tags(json_encode($contact->email)) !!} || prompt('{{ trans('texts.ach_email_prompt') }}');
                    if(!email)return;

                    WePay.bank_account.create({
@ -174,14 +174,14 @@
        @endif
 		<script type="text/javascript">

-			window.invoice = {!! $invoice->toJson() !!};
+			window.invoice = {!! strip_tags(json_encode($invoice)) !!};
 			invoice.features = {
                customize_invoice_design:{{ $invoice->client->account->hasFeature(FEATURE_CUSTOMIZE_INVOICE_DESIGN) ? 'true' : 'false' }},
                remove_created_by:{{ $invoice->client->account->hasFeature(FEATURE_REMOVE_CREATED_BY) ? 'true' : 'false' }},
                invoice_settings:{{ $invoice->client->account->hasFeature(FEATURE_INVOICE_SETTINGS) ? 'true' : 'false' }}
            };
 			invoice.is_quote = {{ $invoice->isQuote() ? 'true' : 'false' }};
-			invoice.contact = {!! $contact->toJson() !!};
+			invoice.contact = {!! strip_tags(json_encode($contact)) !!};

 			function getPDFString(cb) {
    	  	    return generatePDF(invoice, invoice.invoice_design.javascript, true, cb);
--- a/resources/views/payments/edit.blade.php
+++ b/resources/views/payments/edit.blade.php
@ -102,8 +102,8 @@

 	<script type="text/javascript">

-	var invoices = {!! $invoices !!};
-	var clients = {!! $clients !!};
+	var invoices = {!! strip_tags(json_encode($invoices)) !!};
+	var clients = {!! strip_tags(json_encode($clients)) !!};

 	$(function() {

--- a/resources/views/payments/paymentmethods_list.blade.php
+++ b/resources/views/payments/paymentmethods_list.blade.php
@ -58,7 +58,7 @@
                e.preventDefault();

                $('#wepay-error').remove();
-                var email = {!! json_encode($contact->email) !!} || prompt('{{ trans('texts.ach_email_prompt') }}');
+                var email = {!! strip_tags(json_encode($contact->email)) !!} || prompt('{{ trans('texts.ach_email_prompt') }}');
                if(!email)return;

                WePay.bank_account.create({
--- a/resources/views/projects/edit.blade.php
+++ b/resources/views/projects/edit.blade.php
@ -61,7 +61,7 @@

    <script>

-		var clients = {!! $clients !!};
+		var clients = {!! strip_tags(json_encode($clients)) !!};

        $(function() {
 			var $clientSelect = $('select#client_id');
--- a/resources/views/reports/d3.blade.php
+++ b/resources/views/reports/d3.blade.php
@ -60,7 +60,7 @@
  <script type="text/javascript">

    // store data as JSON
-    var data = {!! $clients !!};
+    var data = {!! strip_tags(json_encode($clients)) !!};

    _.each(data, function(client) {
      _.each(client.invoices, function(invoice) {
--- a/resources/views/tasks/edit.blade.php
+++ b/resources/views/tasks/edit.blade.php
@ -232,8 +232,8 @@
      }
    }

-    var clients = {!! $clients !!};
-    var projects = {!! $projects !!};
+    var clients = {!! strip_tags(json_encode($clients)) !!};
+    var projects = {!! strip_tags(json_encode($projects)) !!};

    var timeLabels = {};
    @foreach (['hour', 'minute', 'second'] as $period)