Escape github repo descriptions, as they may contain HTML.
Brandon Mathis authored on 03/01/2013 at 05:07:38... | ... |
@@ -1,9 +1,12 @@ |
1 | 1 |
var github = (function(){ |
2 |
+ function escapeHtml(str) { |
|
3 |
+ return $('<div/>').text(str).html(); |
|
4 |
+ } |
|
2 | 5 |
function render(target, repos){ |
3 | 6 |
var i = 0, fragment = '', t = $(target)[0]; |
4 | 7 |
|
5 | 8 |
for(i = 0; i < repos.length; i++) { |
6 |
- fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+(repos[i].description||'')+'</p></li>'; |
|
9 |
+ fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+escapeHtml(repos[i].description||'')+'</p></li>'; |
|
7 | 10 |
} |
8 | 11 |
t.innerHTML = fragment; |
9 | 12 |
} |
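Review bot: In the `fragment +=` line inside `render`, `repos[i].name` and `repos[i].html_url` are still concatenated into the markup unescaped, so only the description is encoded before `t.innerHTML = fragment` runs. The new `escapeHtml` helper cannot simply be reused for the `href`, because `.text(str).html()` encodes `&`, `<` and `>` but leaves double quotes alone, which is not enough inside a quoted attribute. Building the nodes with `.attr()` and `.text()` puts each value in its proper context and drops the string-built HTML. If the API response is not fully trusted, it would also be worth confirming that `html_url` is an http(s) URL before using it as a link target. The enclosing `github` function continues past the end of the hunk.

```javascript
function render(target, repos){
  var i = 0, list = $($(target)[0]).empty();

  for(i = 0; i < repos.length; i++) {
    // .attr() encodes for attribute context, .text() for element content
    $('<li/>')
      .append($('<a/>').attr('href', repos[i].html_url).text(repos[i].name))
      .append($('<p/>').text(repos[i].description || ''))
      .appendTo(list);
  }
}
```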