--- loncom/interface/lonsyllabus.pm	2014/06/17 23:22:14	1.137
+++ loncom/interface/lonsyllabus.pm	2015/06/09 21:22:57	1.138
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Syllabus
 #
-# $Id: lonsyllabus.pm,v 1.137 2014/06/17 23:22:14 raeburn Exp $
+# $Id: lonsyllabus.pm,v 1.138 2015/06/09 21:22:57 damieng Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -580,6 +580,7 @@ ENDSCRIPT
         my $checkedstr = "var include = new Array('".join("','",@checked)."');";
         my $uncheckedstr = "var exclude = new Array('".join("','",@unchecked)."');";
         my $invurl = &mt('Invalid URL');
+        &js_escape(\$invurl);
         my $urlregexp = <<'ENDREGEXP';
 /^([a-z]([a-z]|\d|\+|-|\.)*):(\/\/(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?((\[(|(v[\da-f]{1,}\.(([a-z]|\d|-|\.|_|~)|[!\$&'\(\)\*\+,;=]|:)+))\])|((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=])*)(:\d*)?)(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*|(\/((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)+(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*)?)|((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)+(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*)|((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)){0})(\?((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|[\uE000-\uF8FF]|\/|\?)*)?(\#((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|\/|\?)*)?$/i
 ENDREGEXP
@@ -1627,11 +1628,12 @@ sub editfile_button {
 }
 
 sub editbutton_js {
-    my %lt = &Apache::lonlocal::texthash(
+    my %js_lt = &Apache::lonlocal::texthash(
                min    => 'Are you sure you want to delete the contents of the syllabus template?',
                file   => 'Are you sure you want to delete the uploaded syllabus file?',
                noundo => 'This action cannot be reversed.'
              );
+    &js_escape(\%js_lt);
     return <<ENDJS;
                 <script type="text/javascript">
                 // <![CDATA[
@@ -1642,12 +1644,12 @@ sub editbutton_js {
                       if (document.getElementById('deleteuploaded_'+caller)) {
                           document.getElementById('deleteuploaded_'+caller).value=1;
                           if (caller == 'minimal') {
-                              if (confirm("$lt{'min'}"+"\\n"+"$lt{'noundo'}")) {
+                              if (confirm("$js_lt{'min'}"+"\\n"+"$js_lt{'noundo'}")) {
                                   document.syllabus.submit();
                               }
                           }
                           if (caller == 'file') {
-                              if (confirm("$lt{'file'}"+"\\n"+"$lt{'noundo'}")) {
+                              if (confirm("$js_lt{'file'}"+"\\n"+"$js_lt{'noundo'}")) {
                                   document.syllabus.submit();
                               }
                           }