authorFrédéric Guillot <fred@kanboard.net>2018-05-03 15:15:50 -0700
committerFrédéric Guillot <fred@kanboard.net>2018-05-03 15:15:50 -0700
commitc8df8a7c8cd73f680fa2d0422d93e2ed29e2fd16 (patch)
tree9675e0f4e0360130f9c0d0cad3772f4675de991b /app
parent46cefbc2baf2ea66024073d1eb3a254fa95fd6b1 (diff)
Fix escaping issue for Markdown editor
Diffstat (limited to 'app')
-rw-r--r--app/Helper/FormHelper.php5
1 files changed, 3 insertions, 2 deletions
diff --git a/app/Helper/FormHelper.php b/app/Helper/FormHelper.php
index 9eabd724..c6948a22 100644
--- a/app/Helper/FormHelper.php
+++ b/app/Helper/FormHelper.php
@@ -213,7 +213,6 @@ class FormHelper extends Base
{
$params = array(
'name' => $name,
- 'text' => isset($values[$name]) ? $values[$name] : '',
'css' => $this->errorClass($errors, $name),
'required' => isset($attributes['required']) && $attributes['required'],
'tabindex' => isset($attributes['tabindex']) ? $attributes['tabindex'] : '-1',
@@ -232,7 +231,9 @@ class FormHelper extends Base
$params['suggestOptions']['triggers']['@'] = $this->helper->url->to('UserAjaxController', 'mention', array('project_id' => $values['project_id'], 'search' => 'SEARCH_TERM'));
}
- $html = '<div class="js-text-editor" data-params=\''.json_encode($params, JSON_HEX_APOS).'\'></div>';
+ $html = '<div class="js-text-editor" data-params=\''.json_encode($params, JSON_HEX_APOS).'\'>';
+ $html .= '<script type="text/template">'.(isset($values[$name]) ? $values[$name] : '').'</script>';
+ $html .= '</div>';
$html .= $this->errorList($errors, $name);
return $html;
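Review bot: The added `<script type="text/template">` line concatenates `$values[$name]` into the page unescaped, so the element's raw-text content ends at the first `</script` inside the value and everything after it is parsed as live markup. If that value can hold user-written Markdown (inferred from the commit title, not shown in this hunk), this is a stored XSS sink. Encode it on output, e.g. `$html .= '<script type="text/template">'.htmlspecialchars(isset($values[$name]) ? $values[$name] : '', ENT_QUOTES, 'UTF-8').'</script>';`, and add a short comment saying the template body is HTML-encoded and why. The browser does not decode entities inside a script element, so the client code that reads the template (outside this diff) must decode them before filling the editor. The enclosing method starts before the first hunk and ends after this one, so any later handling of `$html` is not visible here.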