Impossible to assign a location with an apostrophe in the name to a user.

Hi Everyone,

We found that is not possible to assign a location with an apostrophe to a user in Advance administration -> User Management. image

After analyses I found out that the problem is here:

When the HTML code is being generated, the variable locationName is being surrounded by ' . Meaning that, when the HTML is being interpreted, if the locationName as a ' it will be considered the end of the text.

A possible solution is to replace the ' in the code by a ".

Please let me know what do you think.

cc: @mksd

Hi All,

I think that this would cause the same problem if someone used “ in a name. Is not the proper way to ensure the locationName is appropriately escaped for HTML? '.

But also all html characters such as < > & etc should also be escaped.

1 Like

That symbol should be & a p o s ; but as one string &apos;

1 Like

Nice catch, is not expected that situations for locations names, but is better protect for all the cases.

Please follow the issue here.