Merge pull request #914 from rixth/master

Escape github repo descriptions, as they may contain HTML.
author: Brandon Mathis <brandon@imathis.com> 2013-01-02 21:07:38 -0800
committer: Brandon Mathis <brandon@imathis.com> 2013-01-02 21:07:38 -0800
commit: 0a2fb6c4d86b845d4a80addaf51f7dce1fec03f6 (patch)
tree: 01650cd86ae2ff033e5df7b222fbd5a7df4cf16e /.themes/classic/source
parent: c814560c86917f2931c90610e7c5343bbe63b3b6 (diff)
parent: bcdc904843d09ab686a1e380019bfdf2f145a665 (diff)
download: my_new_personal_website-0a2fb6c4d86b845d4a80addaf51f7dce1fec03f6.tar.xz
my_new_personal_website-0a2fb6c4d86b845d4a80addaf51f7dce1fec03f6.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/.themes/classic/source/javascripts/github.js b/.themes/classic/source/javascripts/github.js
index 9e98b8c2..27a5a235 100644
--- a/.themes/classic/source/javascripts/github.js
+++ b/.themes/classic/source/javascripts/github.js
@@ -1,9 +1,12 @@
 var github = (function(){
+  function escapeHtml(str) {
+    return $('<div/>').text(str).html();
+  }
   function render(target, repos){
     var i = 0, fragment = '', t = $(target)[0];
 
     for(i = 0; i < repos.length; i++) {
-      fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+(repos[i].description||'')+'</p></li>';
+      fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+escapeHtml(repos[i].description||'')+'</p></li>';
     }
     t.innerHTML = fragment;
   }
author	Brandon Mathis <brandon@imathis.com>	2013-01-02 21:07:38 -0800
committer	Brandon Mathis <brandon@imathis.com>	2013-01-02 21:07:38 -0800
commit	0a2fb6c4d86b845d4a80addaf51f7dce1fec03f6 (patch)
tree	01650cd86ae2ff033e5df7b222fbd5a7df4cf16e /.themes/classic/source
parent	c814560c86917f2931c90610e7c5343bbe63b3b6 (diff)
parent	bcdc904843d09ab686a1e380019bfdf2f145a665 (diff)
download	my_new_personal_website-0a2fb6c4d86b845d4a80addaf51f7dce1fec03f6.tar.xz my_new_personal_website-0a2fb6c4d86b845d4a80addaf51f7dce1fec03f6.zip