Escape user-supplied JavaScript. Fixes http://lists.openstreetmap.org/pipermail/talk...

[rails.git] / app / views / site / edit.html.erb

diff --git a/app/views/site/edit.html.erb b/app/views/site/edit.html.erb
index 948b1fad5122b1a3adc6394537ef995f79cee49f..d3258c9cfa902c61f3c853d4c864e2ddd35bb70e 100644 (file)
--- a/app/views/site/edit.html.erb
+++ b/app/views/site/edit.html.erb
@@ -65,7 +65,7 @@ zoom='14' if zoom.nil?
   
   window.onbeforeunload=function() {
     if (!changesaved) {
   
   window.onbeforeunload=function() {
     if (!changesaved) {

-      return "<%= t 'site.edit.potlatch_unsaved_changes' %>";
+      return '#{escape_javascript(t('site.edit.potlatch_unsaved_changes'))}';

     }
   }
 
     }
   }