
Escape github repo descriptions, as they may contain HTML.

Thomas Rix authored on 03/01/2013 at 04:55:09
Showing 1 changed files
... ...
@@ -1,9 +1,12 @@
1 1
 var github = (function(){
2
+  function escapeHtml(str) {
3
+    return $('<div/>').text(str).html();
4
+  }
2 5
   function render(target, repos){
3 6
     var i = 0, fragment = '', t = $(target)[0];
4 7
 
5 8
     for(i = 0; i < repos.length; i++) {
6
-      fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+(repos[i].description||'')+'</p></li>';
9
+      fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+escapeHtml(repos[i].description||'')+'</p></li>';
7 10
     }
8 11
     t.innerHTML = fragment;
9 12
   }
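Review bot: `repos[i].name` and `repos[i].html_url` on the changed line in render() are still concatenated into the markup unescaped, so this fix covers only the description. The new escapeHtml() uses `$('<div/>').text(str).html()`, which encodes `&`, `<` and `>` but leaves double quotes alone, so it is safe for text between tags and not for the `href="..."` attribute value. I would build the link as `$('<a/>').attr('href', repos[i].html_url).text(repos[i].name)` instead of concatenating it, and add a comment on escapeHtml such as `// Text-node escaping only; not safe for attribute values.` so it is not reused there. The enclosing github module continues past the end of the hunk, so other writers to `innerHTML` may exist that are not visible here.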