From fa9a2fb756f5db17ff6365da28f685db83ef46bd Mon Sep 17 00:00:00 2001
From: Sean Madsen
Date: Sun, 22 Apr 2018 19:06:46 -0400
Subject: [PATCH] security/core#14 Add output encoding within js
---
templates/CRM/Member/Form/Membership.tpl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/templates/CRM/Member/Form/Membership.tpl b/templates/CRM/Member/Form/Membership.tpl
index c1831bcdff..5d3bb8eef6 100644
--- a/templates/CRM/Member/Form/Membership.tpl
+++ b/templates/CRM/Member/Form/Membership.tpl
@@ -398,8 +398,8 @@
 // elsewhere some script determines if there is a paying contact the
 // email should go to instead (e.g gift membership). This should be checked for here
 // and that merged into that code as currently behaviour is inconsistent.
- var emailExists = '{$emailExists}';
- var isStandalone = ('{$context}' == 'standalone');
+ var emailExists = {$emailExists|json_encode};
+ var isStandalone = {if $context == 'standalone'}true{else}false{/if};
 var isEmailEnabledForSite = {if $isEmailEnabledForSite}true{else}false{/if};
 {literal}
-- 
2.25.1
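Review bot: `{$emailExists|json_encode}` on the added `var emailExists` line relies on json_encode's default flags, which escape `/` and `"` but leave `<`, `>`, `&` and `'` as raw characters, so a value containing `<!--` or `<script` is still written verbatim into what appears to be an inline script block. Encoding with the hex flags keeps the literal inert for the HTML parser as well as for JS, e.g. `var emailExists = {$emailExists|json_encode:$smarty.const.JSON_HEX_TAG};` if the Smarty version in use accepts a constant as a modifier argument, or by assigning an already-encoded value from the PHP form class. json_encode also returns false on invalid UTF-8, which would render `var emailExists = ;` and stop the rest of the script from running, and the variable changes from always-a-string to whatever type PHP assigned, so the later checks on `emailExists` are worth re-reading. The script this hunk sits in starts and ends outside the hunk, so those later uses are not visible here.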