From 2c7065e0c4296e0c692fb4a7ee19c7357583af30 Mon Sep 17 00:00:00 2001
From: lethanhphuc <31820707+noobpk@users.noreply.github.com>
Date: Thu, 11 Nov 2021 17:32:09 +0700
Subject: [PATCH] Add function `htmlEntities`

`htmlentities()` is a function which converts special characters. This allows you to show to display the string without the browser reading it as HTML.
---
 helpdesk/templates/helpdesk/ticket_list.html | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/helpdesk/templates/helpdesk/ticket_list.html b/helpdesk/templates/helpdesk/ticket_list.html
index c9a57d23d..2894349b8 100644
--- a/helpdesk/templates/helpdesk/ticket_list.html
+++ b/helpdesk/templates/helpdesk/ticket_list.html
@@ -330,7 +330,11 @@ <h5 class="mb-0">
         function get_url(row) {
             return "{% url 'helpdesk:view' 1234 %}".replace(/1234/, row.id.toString());
         }
-
+        
+        function htmlEntities(str) {
+            return String(str).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+        }
+        
         $(document).ready(function () {
             // Ticket DataTable Initialization
             $('#ticketTable').DataTable({
@@ -366,7 +370,7 @@ <h5 class="mb-0">
                             if (type === 'display') {
                                 data = '<div class="tickettitle"><a href="' + get_url(row) + '" >' +
                                     row.id + '. ' +
-                                    row.title + '</a></div>';
+                                    htmlEntities(row.title) + '</a></div>';
                             }
                             return data
                         }