From 31aa7d1b818992d8d8f1188168e919d11c3ae967 Mon Sep 17 00:00:00 2001
From: Jared Vititoe
Date: Fri, 20 Mar 2026 20:34:55 -0400
Subject: [PATCH] Fix JS SyntaxError breaking tabs, textarea scrolling, and XSS escaping

Bug fixes:
- ticket.js: Remove duplicate const textarea declaration inside showMentionSuggestions() (was redeclaring a parameter, causing SyntaxError that broke all tab switching)
- ticket.css: Add overflow:hidden + resize:none to disabled textarea so description shows full height without internal scrollbar (page scrolls instead)
- ticket.js: Trigger height recalculation when entering edit mode on description

XSS/escaping fixes:
- TicketView.php: htmlspecialchars() on description textarea content (closes injection risk)
- TicketView.php: htmlspecialchars() on ticket status and workflow transition status strings
- DashboardView.php: htmlspecialchars() on $cat/$type in input value= attributes
- RecurringTicketsView.php: htmlspecialchars() on composed schedule string

Co-Authored-By: Claude Sonnet 4.6
---
assets/css/ticket.css | 2 ++
assets/js/ticket.js | 3 ++-
views/DashboardView.php | 4 ++--
views/TicketView.php | 10 +++++-----
views/admin/RecurringTicketsView.php | 2 +-
5 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/assets/css/ticket.css b/assets/css/ticket.css
index a852321..bd6b5f4 100644
--- a/assets/css/ticket.css
+++ b/assets/css/ticket.css
@@ -584,6 +584,8 @@ textarea.editable {
 background: var(--bg-secondary);
 cursor: default;
 border-color: transparent;
+ overflow: hidden;
+ resize: none;
 }
 
 /* Button Styles */
diff --git a/assets/js/ticket.js b/assets/js/ticket.js
index ec3c6ab..e2d26a5 100644
--- a/assets/js/ticket.js
+++ b/assets/js/ticket.js
@@ -86,6 +86,8 @@ function toggleEditMode() {
 // Enable description (textarea)
 if (descriptionField) {
 descriptionField.disabled = false;
+ descriptionField.style.height = 'auto';
+ descriptionField.style.height = descriptionField.scrollHeight + 'px';
 }
 
 // Enable metadata fields (priority, category, type)
@@ -1036,7 +1038,6 @@ function showMentionSuggestions(query, textarea) {
 mentionAutocomplete.innerHTML = html;
 mentionAutocomplete.classList.add('active');
 
- const textarea = document.getElementById('newComment');
 if (textarea) textarea.setAttribute('aria-expanded', 'true');
 
 selectedMentionIndex = 0;
diff --git a/views/DashboardView.php b/views/DashboardView.php
index 9007fe4..d27c50b 100644
--- a/views/DashboardView.php
+++ b/views/DashboardView.php
@@ -144,7 +144,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
@@ -161,7 +161,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
diff --git a/views/TicketView.php b/views/TicketView.php
index 0fe805f..2eb76a6 100644
--- a/views/TicketView.php
+++ b/views/TicketView.php
@@ -246,14 +246,14 @@ $nonce = SecurityHeadersMiddleware::getNonce();
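Review bot: The two added height assignments are the reset-then-measure auto-size idiom, but nothing in the hunk says why `style.height` is set twice, and `descriptionField.scrollHeight + 'px'` concatenates where the file's existing `const` usage suggests a template literal is in style. I would put `// Reset to 'auto' first so scrollHeight measures the content rather than the previous fixed height` above the pair and write the second value as `${descriptionField.scrollHeight}px`. If the description can enter edit mode while its tab is not displayed, `scrollHeight` would presumably read 0 there and collapse the field; that depends on the tab code, which is not in this hunk, so worth confirming rather than assuming. toggleEditMode begins before this hunk.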
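Review bot: With the shadowing declaration removed, `if (textarea)` now correctly guards the parameter, but the context line `mentionAutocomplete.innerHTML = html;` two lines above still injects a string assembled before this hunk, and in a commit whose stated purpose is XSS escaping that string should be confirmed to HTML-escape every server-supplied mention field (username, display name) or be built with `document.createElement`/`textContent` instead of `innerHTML`. A null `textarea` silently skips the `aria-expanded` update; if that is intentional a short comment such as `// textarea may be absent when suggestions are shown outside the comment form; skip the ARIA update then` would make the contract explicit, though I cannot see from the hunk whether callers ever pass null. showMentionSuggestions begins and ends outside this hunk.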
+
diff --git a/views/admin/RecurringTicketsView.php b/views/admin/RecurringTicketsView.php
index ec8fca6..3bb7ab1 100644
--- a/views/admin/RecurringTicketsView.php
+++ b/views/admin/RecurringTicketsView.php
@@ -81,7 +81,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
 $schedule .= ' (Day ' . $rt['schedule_day'] . ')';
 }
 $schedule .= ' @ ' . substr($rt['schedule_time'], 0, 5);
- echo $schedule;
+ echo htmlspecialchars($schedule);
 ?>