X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c6bf21a9d054f29d788272767b7a77d58fe56aec..ef40b61ff40881966ae4280cfdcb9f92965e9d10:/app/views/site/edit.html.erb diff --git a/app/views/site/edit.html.erb b/app/views/site/edit.html.erb index 142d7a3f3..51389afc1 100644 --- a/app/views/site/edit.html.erb +++ b/app/views/site/edit.html.erb @@ -65,7 +65,7 @@ zoom='14' if zoom.nil? window.onbeforeunload=function() { if (!changesaved) { - return "<%= t 'site.edit.potlatch_unsaved_changes' %>"; + return '<%= escape_javascript(t('site.edit.potlatch_unsaved_changes')) %>'; } } @@ -78,9 +78,10 @@ zoom='14' if zoom.nil? fo.addVariable('token','<%= session[:token] %>'); if (lat) { fo.addVariable('lat',lat); } if (lon) { fo.addVariable('long',lon); } - <% if params['gpx'] %>fo.addVariable('gpx' ,'<%= h(params['gpx'] ) %>');<% end %> - <% if params['way'] %>fo.addVariable('way' ,'<%= h(params['way'] ) %>');<% end %> - <% if params['node'] %>fo.addVariable('node','<%= h(params['node']) %>');<% end %> + <% if params['gpx'] %>fo.addVariable('gpx' ,'<%= h(params['gpx'] ) %>');<% end %> + <% if params['way'] %>fo.addVariable('way' ,'<%= h(params['way'] ) %>');<% end %> + <% if params['node'] %>fo.addVariable('node' ,'<%= h(params['node'] ) %>');<% end %> + <% if params['tileurl'] %>fo.addVariable('custombg','<%= h(params['tileurl']) %>');<% end %> fo.write("map"); }