[#564] Escape area names in project evaluation report.

We need to use json_encode to properly escape user-entered names in generated JS code, which might contain special characters.
Igalia · Apr 19, 2022 · a4bf9d4 · a4bf9d4
1 parent 473c7ff
commit a4bf9d4
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/web/projectsEvaluation.php b/web/projectsEvaluation.php
@@ -57,10 +57,12 @@
         data : [
         <?php
 
-        foreach((array)$areas as $area)
-            echo "[{$area->getId()}, '{$area->getName()}'],";
-
-    ?>]});
+        foreach((array)$areas as $area) {
+            $areaName = json_encode($area->getName());
+            echo "[{$area->getId()}, {$areaName}],";
+        }
+        ?>
+    ]});
 
     function areas(val){