0007401: Single quote character in arbitrary category name leads to javascript error

ID	Project	Category	View Status	Date Submitted	Last Update

0007401	module Visual CMS	module Visual CMS - sub	public	2023-01-17 10:53	2023-08-29 16:26

Reporter	[email protected]	Assigned To
Priority	normal	Severity	major	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	3.6.0
Fixed in Version	3.6.2

Summary	0007401: Single quote character in arbitrary category name leads to javascript error
Description	When a category with a single quote character (') exists Visual CMS will fail to load and completely prevent editors from editing any content. This character is more common in some languages like e.g. dutch or french. This seems to be due to incorrect escaping in ddoevisualcmsadmin.tpl. The category widget "shortcode", which is part of the core visual cms module, loads all available categories and presents these as selectable options in the widget. The generation of these options in ddoevisualcmsadmin.tpl seems to be the problem.
Steps To Reproduce	- Create or edit a category with a single quote in it's name (e.g. "Single Quote ' Test") - Click on the Visual CMS menu entry - Watch a javascript error occur and preventing the Visual CMS from loading
Tags	No tags attached.
Attached Files	Screenshot 2023-01-17 103449.png (5,859 bytes) Screenshot 2023-01-17 103449.png (5,859 bytes) Screenshot 2023-01-17 103537.png (25,021 bytes) Screenshot 2023-01-17 103537.png (25,021 bytes)

QA 2023-01-17 16:08 administrator ~0014981 Last edited: 2023-01-17 16:08	Steps to reproduce in Backend: - Administer Products > Categories > create new Category: Single Quote ' Test - Customer Info > Visual CMS - Visual CMS isn't loading, see JS errors in Dev Console -MF