return (yiq >= 128) ? 'black' : 'white';
};
- // based on https://github.com/janl/mustache.js/blob/master/mustache.js
- // If you feel the need to use this function, consider whether assembling HTML
- // via DOM might be a cleaner approach rather than using string concatenation.
- CRM.utils.escapeHtml = function(string) {
- var entityMap = {
- '&': '&',
- '<': '<',
- '>': '>',
- '"': '"',
- "'": ''',
- '/': '/',
- '`': '`',
- '=': '='
- };
- return String(string).replace(/[&<>"'`=\/]/g, function fromEntityMap (s) {
- return entityMap[s];
- });
- }
-
// CVE-2015-9251 - Prevent auto-execution of scripts when no explicit dataType was provided
$.ajaxPrefilter(function(s) {
if (s.crossDomain) {
// https://civicrm.org/licensing
/* global CRM, ts */
/*jshint loopfunc: true */
-(function($) {
+(function($, _) {
'use strict';
// Constructor for dashboard object.
$.fn.dashboard = function(options) {
});
CRM.alert(
ts('You can re-add it by clicking the "Configure Your Dashboard" button.'),
- ts('"%1" Removed', {1: CRM.utils.escapeHtml(widget.title)}),
+ ts('"%1" Removed', {1: _.escape(widget.title)}),
'success'
);
};
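Review bot: `_.escape` encodes a narrower character set than the `CRM.utils.escapeHtml` helper this commit deletes, which also covered `/`, `=` and the backtick (the backtick may still be handled, depending on the library version behind `CRM._`). In this hunk and in the `widgetHTML()` hunk below, the title lands in element content (an `<h3>` body there, presumably the alert title here), so the narrower set is sufficient, but it would not be in an unquoted attribute. A comment at one call site would record that limit, e.g. `// _.escape is only safe for element text and quoted attribute values`. The helper is also removed from the public `CRM.utils` namespace, so any caller outside this diff would now throw; if such callers may exist, consider a deprecated alias that delegates to `_.escape`. The function enclosing this `CRM.alert` call starts outside the hunk.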
function widgetHTML() {
var html = '';
html += '<div class="widget-wrapper">';
- html += ' <div class="widget-controls"><h3 class="widget-header">' + CRM.utils.escapeHtml(widget.title) + '</h3></div>';
+ html += ' <div class="widget-controls"><h3 class="widget-header">' + _.escape(widget.title) + '</h3></div>';
html += ' <div class="widget-content"></div>';
html += '</div>';
return html;
// id, url, fullscreenUrl, title, name, cacheMinutes
}
};
-})(jQuery);
+})(jQuery, CRM._);