diff options
author | Thomas Rix <tom@rixth.org> | 2013-01-02 20:55:09 -0800 |
---|---|---|
committer | Thomas Rix <tom@rixth.org> | 2013-01-02 20:55:09 -0800 |
commit | bcdc904843d09ab686a1e380019bfdf2f145a665 (patch) | |
tree | 01650cd86ae2ff033e5df7b222fbd5a7df4cf16e /.themes/classic | |
parent | c814560c86917f2931c90610e7c5343bbe63b3b6 (diff) | |
download | my_new_personal_website-bcdc904843d09ab686a1e380019bfdf2f145a665.tar.xz my_new_personal_website-bcdc904843d09ab686a1e380019bfdf2f145a665.zip |
Escape github repo descriptions, as they may contain HTML.
Diffstat (limited to '')
-rw-r--r-- | .themes/classic/source/javascripts/github.js | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/.themes/classic/source/javascripts/github.js b/.themes/classic/source/javascripts/github.js index 9e98b8c2..27a5a235 100644 --- a/.themes/classic/source/javascripts/github.js +++ b/.themes/classic/source/javascripts/github.js @@ -1,9 +1,12 @@ var github = (function(){ + function escapeHtml(str) { + return $('<div/>').text(str).html(); + } function render(target, repos){ var i = 0, fragment = '', t = $(target)[0]; for(i = 0; i < repos.length; i++) { - fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+(repos[i].description||'')+'</p></li>'; + fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+escapeHtml(repos[i].description||'')+'</p></li>'; } t.innerHTML = fragment; } |