https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42094 --- Comment #17 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #0)
On bug 41324 we tidy all the script tags that contained a kohaTable. Now we would like to tidy all the remaining script tags.
We will certainly need a comment in the code to flag the script tag that is used to interpolate TT variables into JS variable.
``` <script> // Accept TT tags here let js_variable = [% perl_variable %]; </script>
<script> // Here TT tags are prohibided, and ideally the code must be moved to a separate .js file // And we can reuse js_variable </script> ```
The hard part here is that let 'js_variable = [% perl_variable | html %]' or 'js_variable = [% perl_variable | uri%]' can lead Javascript string content that contains inappropriately escaped characters. Say it's a search string. If you do 'js_variable = [% perl_variable | html %]' then "this & that" becomes "this & that", which is incorrect... -- You are receiving this mail because: You are watching all bug changes.