Fix JS SyntaxError breaking tabs, textarea scrolling, and XSS escaping
Bug fixes:
- ticket.js: Remove duplicate const textarea declaration inside showMentionSuggestions() (was redeclaring a parameter, causing SyntaxError that broke all tab switching)
- ticket.css: Add overflow:hidden + resize:none to disabled textarea so description shows full height without internal scrollbar (page scrolls instead)
- ticket.js: Trigger height recalculation when entering edit mode on description

XSS/escaping fixes:
- TicketView.php: htmlspecialchars() on description textarea content (closes </textarea> injection risk)
- TicketView.php: htmlspecialchars() on ticket status and workflow transition status strings
- DashboardView.php: htmlspecialchars() on $cat/$type in input value= attributes
- RecurringTicketsView.php: htmlspecialchars() on composed schedule string

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -144,7 +144,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
|
||||
<label>
|
||||
<input type="checkbox"
|
||||
name="category"
|
||||
value="<?php echo $cat; ?>"
|
||||
value="<?php echo htmlspecialchars($cat); ?>"
|
||||
<?php echo in_array($cat, $currentCategories) ? 'checked' : ''; ?>>
|
||||
<?php echo htmlspecialchars($cat); ?>
|
||||
</label>
|
||||
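Review bot: The new `value="<?php echo htmlspecialchars($cat); ?>"` line relies on the default flags of htmlspecialchars(), which changed in PHP 8.1 from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE. The double-quoted attribute is covered under either default, but passing the flags and charset explicitly, for example `htmlspecialchars($cat, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the output identical across PHP versions and stays safe if the attribute quoting is ever changed to single quotes. The label text on the unchanged `<?php echo htmlspecialchars($cat); ?>` line should use the same arguments so both call sites match.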
@@ -161,7 +161,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
|
||||
<label>
|
||||
<input type="checkbox"
|
||||
name="type"
|
||||
value="<?php echo $type; ?>"
|
||||
value="<?php echo htmlspecialchars($type); ?>"
|
||||
<?php echo in_array($type, $currentTypes) ? 'checked' : ''; ?>>
|
||||
<?php echo htmlspecialchars($type); ?>
|
||||
</label>
|
||||
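Review bot: `$type` is now escaped in two separate places, the `value=` attribute and the label text two lines below it, so the two call sites can drift apart again the way they had before this fix. Escaping once into a local variable, or through a shared view helper that the other views named in the commit message can also use, and echoing that result in both places would prevent that. The `in_array($type, $currentTypes)` check correctly stays on the raw value; consider passing `true` as its third argument so the comparison is strict.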