diff options
author | Vincent Petry <pvince81@owncloud.com> | 2014-09-10 14:30:02 +0200 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2014-09-10 14:30:02 +0200 |
commit | a064536ec13c8effb5e97b152e1949bc6dab6612 (patch) | |
tree | 07a316f0fd80f33fc5dbd3c4a95e6da32fca8576 /settings/js/settings.js | |
parent | 0d28ba06625466adda4cc985d701962843eb5be2 (diff) | |
download | nextcloud-server-a064536ec13c8effb5e97b152e1949bc6dab6612.tar.gz nextcloud-server-a064536ec13c8effb5e97b152e1949bc6dab6612.zip |
Fixed select2 for admin and apps page
Added explicit escaping.
Now internally using a pipe symbol as separator for select2, to make it
possible to use group names containing commas.
Diffstat (limited to 'settings/js/settings.js')
-rw-r--r-- | settings/js/settings.js | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/settings/js/settings.js b/settings/js/settings.js index 85e8996ae7f..6e44c473185 100644 --- a/settings/js/settings.js +++ b/settings/js/settings.js @@ -7,6 +7,11 @@ OC.Settings = OC.Settings || {}; OC.Settings = _.extend(OC.Settings, { /** * Setup selection box for group selection. + * + * Values need to be separated by a pipe "|" character. + * (mostly because a comma is more likely to be used + * for groups) + * * @param $elements jQuery element (hidden input) to setup select2 on * @param [extraOptions] extra options hash to pass to select2 */ @@ -18,6 +23,7 @@ OC.Settings = _.extend(OC.Settings, { placeholder: t('core', 'Groups'), allowClear: true, multiple: true, + separator: '|', ajax: { url: OC.generateUrl('/settings/ajax/grouplist'), dataType: 'json', @@ -50,7 +56,7 @@ OC.Settings = _.extend(OC.Settings, { }, initSelection: function(element, callback) { var selection = - _.map(($(element).val() || []).split(',').sort(), + _.map(($(element).val() || []).split('|').sort(), function(groupName) { return { id: groupName, @@ -60,10 +66,14 @@ OC.Settings = _.extend(OC.Settings, { callback(selection); }, formatResult: function (element) { - return element.displayname; + return escapeHTML(element.displayname); }, formatSelection: function (element) { - return element.displayname; + return escapeHTML(element.displayname); + }, + escapeMarkup: function(m) { + // prevent double markup escape + return m; } }, extraOptions || {})); } |