Escape github repo descriptions, as they may contain HTML.
| ... | ... |
@@ -1,9 +1,12 @@ |
| 1 | 1 |
var github = (function(){
|
| 2 |
+ function escapeHtml(str) {
|
|
| 3 |
+ return $('<div/>').text(str).html();
|
|
| 4 |
+ } |
|
| 2 | 5 |
function render(target, repos){
|
| 3 | 6 |
var i = 0, fragment = '', t = $(target)[0]; |
| 4 | 7 |
|
| 5 | 8 |
for(i = 0; i < repos.length; i++) {
|
| 6 |
- fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+(repos[i].description||'')+'</p></li>'; |
|
| 9 |
+ fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+escapeHtml(repos[i].description||'')+'</p></li>'; |
|
| 7 | 10 |
} |
| 8 | 11 |
t.innerHTML = fragment; |
| 9 | 12 |
} |
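Review bot: On the new `fragment +=` line, `repos[i].name` and `repos[i].html_url` are still concatenated into the markup unescaped, so this change covers only the description. `escapeHtml` is adequate for element content, but `.text(str).html()` leaves `"` unencoded, so it should not be reused for the `href` attribute value. Building the nodes with `.text()` and `.attr()` avoids string-built HTML for all three fields, as sketched below. A check that `html_url` starts with `https://` would also be reasonable if the API response is not treated as fully trusted. The enclosing `github` IIFE continues outside the hunk.

```javascript
function render(target, repos){
  var i = 0, list = $(target).first().empty();

  for(i = 0; i < repos.length; i++) {
    // .attr() and .text() encode for their own context, so no manual escaping is needed
    $('<li/>')
      .append($('<a/>').attr('href', repos[i].html_url).text(repos[i].name))
      .append($('<p/>').text(repos[i].description || ''))
      .appendTo(list);
  }
}
```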