From 705c152f7ac88c5fbfb58f446e25b6ebd86011ab Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 30 May 2012 12:33:31 +0200
Subject: [PATCH] Fix: js not escaped

---
 htdocs/core/class/html.form.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index d7377fd0507..f8f21427a5c 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -2251,8 +2251,8 @@ class Form
             var choice=\'ko\';
             var inputok='.json_encode($inputok).';
             var inputko='.json_encode($inputko).';
-			var pageyes=\''.($pageyes?$pageyes:'').'\';
-			var pageno=\''.($pageno?$pageno:'').'\';
+			var pageyes=\''.dol_escape_js($pageyes?$pageyes:'').'\';
+			var pageno=\''.dol_escape_js($pageno?$pageno:'').'\';
 
 			/* Warning: This function is loaded once and not overwritten if loaded by another ajax page */
             $(function() {