Sanitize JS string fort alert()

ymollard · Oct 18, 2024 · a66e1d8 · a66e1d8
1 parent f9eb82d
commit a66e1d8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php
@@ -597,7 +597,7 @@ function CloseBill() {
 	if (!empty($conf->global->TAKEPOS_FORBID_SALES_TO_DEFAULT_CUSTOMER)) {
 		echo "customerAnchorTag = document.querySelector('a[id=\"customer\"]'); ";
 		echo "if (customerAnchorTag && customerAnchorTag.innerText.trim() === '".$langs->trans("Customer")."') { ";
-		echo "alert('".$langs->trans("NoClientErrorMessage")."'); ";
+		echo "alert('".dol_escape_js($langs->trans("NoClientErrorMessage"))."'); ";
 		echo "return; } \n";
 	}
 	?>