From e92f2257c00c59ebc2bb6a36f60b283c4117bdb2 Mon Sep 17 00:00:00 2001
From: The-Lady
Date: Mon, 19 Apr 2021 01:44:39 -0400
Subject: [PATCH 1/2] Encoded returnUrl parameter of html form
---
 .../controller/htmlform/BaseEnterHtmlFormPageController.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/omod/src/main/java/org/openmrs/module/htmlformentryui/page/controller/htmlform/BaseEnterHtmlFormPageController.java b/omod/src/main/java/org/openmrs/module/htmlformentryui/page/controller/htmlform/BaseEnterHtmlFormPageController.java
index 5f9d20b..d560765 100644
--- a/omod/src/main/java/org/openmrs/module/htmlformentryui/page/controller/htmlform/BaseEnterHtmlFormPageController.java
+++ b/omod/src/main/java/org/openmrs/module/htmlformentryui/page/controller/htmlform/BaseEnterHtmlFormPageController.java
@@ -14,6 +14,7 @@ package org.openmrs.module.htmlformentryui.page.controller.htmlform;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.openmrs.Form;
 import org.openmrs.Patient;
@@ -71,7 +72,8 @@ public void get(UiSessionContext sessionContext, @RequestParam("patientId") Pati
 throw new IllegalArgumentException("Couldn't find a form");
 }
- returnUrl = HtmlFormUtil.determineReturnUrl(returnUrl, returnProvider, returnPage, currentPatient, visit, ui);
+ returnUrl = HtmlFormUtil.determineReturnUrl(StringEscapeUtils.escapeHtml(returnUrl), returnProvider, returnPage,
+ currentPatient, visit, ui);
 returnLabel = HtmlFormUtil.determineReturnLabel(returnLabel, currentPatient, ui);
 model.addAttribute("htmlForm", htmlForm);
From bbce9f7a3efd38109e6422ea6bca373f232f657e Mon Sep 17 00:00:00 2001
From: The-Lady
Date: Fri, 23 Apr 2021 10:18:19 -0400
Subject: [PATCH 2/2] Changed encoding of returnUrl parameter of form from HTML to JS
---
 .../controller/htmlform/BaseEnterHtmlFormPageController.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
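Review bot: The escaping on the `+` lines runs before `HtmlFormUtil.determineReturnUrl` resolves the value, so the entity-encoded string becomes the return URL itself: `StringEscapeUtils.escapeHtml` rewrites `&` as `&amp;`, which alters any returnUrl carrying more than one query parameter, and whether the view escapes the attribute again on output cannot be seen from this hunk. Output encoding belongs in the template at the point of interpolation, matched to that sink (HTML attribute versus JavaScript string literal); the hunk in the second patch switches to `escapeJavaScript` but keeps the same placement, so the same concern applies there. What the controller can legitimately do with a caller-supplied return target is validate its shape, since an encoder leaves scheme-bearing values such as absolute or `javascript:` URLs intact and therefore prevents neither open redirects nor script URLs; for example `URI target = returnUrl == null ? null : URI.create(returnUrl);` / `if (target != null && (target.isAbsolute() || target.getRawAuthority() != null)) {` / `throw new IllegalArgumentException("returnUrl must be a relative path"); }` ahead of the `determineReturnUrl` call (needs `java.net.URI` imported; `URI.create` already throws `IllegalArgumentException` on malformed input, matching the exception type used two lines above). The enclosing `get(...)` method starts before this hunk and continues after it.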
diff --git a/omod/src/main/java/org/openmrs/module/htmlformentryui/page/controller/htmlform/BaseEnterHtmlFormPageController.java b/omod/src/main/java/org/openmrs/module/htmlformentryui/page/controller/htmlform/BaseEnterHtmlFormPageController.java
index d560765..6722d3d 100644
--- a/omod/src/main/java/org/openmrs/module/htmlformentryui/page/controller/htmlform/BaseEnterHtmlFormPageController.java
+++ b/omod/src/main/java/org/openmrs/module/htmlformentryui/page/controller/htmlform/BaseEnterHtmlFormPageController.java
@@ -72,8 +72,8 @@ public void get(UiSessionContext sessionContext, @RequestParam("patientId") Pati
 throw new IllegalArgumentException("Couldn't find a form");
 }
- returnUrl = HtmlFormUtil.determineReturnUrl(StringEscapeUtils.escapeHtml(returnUrl), returnProvider, returnPage,
- currentPatient, visit, ui);
+ returnUrl = HtmlFormUtil.determineReturnUrl(StringEscapeUtils.escapeJavaScript(returnUrl), returnProvider,
+ returnPage, currentPatient, visit, ui);
 returnLabel = HtmlFormUtil.determineReturnLabel(returnLabel, currentPatient, ui);
 model.addAttribute("htmlForm", htmlForm);
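Review bot: `StringEscapeUtils.escapeJavaScript` on the `+` line does more than escape quotes: in commons-lang 2 it also writes `/` as `\/` and any non-ASCII character as a `\uXXXX` sequence, so the string handed to `HtmlFormUtil.determineReturnUrl` is the body of a JavaScript string literal, not a URL. That is only correct if every consumer of the `returnUrl` model attribute interpolates it inside a JavaScript string literal; an `href`, a form action or a server-side redirect built from it would receive the backslashes verbatim, and if the view layer additionally HTML-escapes model attributes on output the value is encoded twice. The consumers are not visible from this hunk, so this needs confirming against the view; if the value is only ever used inside a script block, record that at this line, e.g. `// returnUrl is emitted only inside a JS string literal in the view; keep this encoding in sync with that sink`, and otherwise the encoding has to move to whichever sink actually needs it. The enclosing `get(...)` method starts before this hunk and continues after it.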