Escape github repo descriptions, as they may contain HTML.
This commit is contained in:
parent
c814560c86
commit
bcdc904843
@ -1,9 +1,12 @@
|
|||||||
var github = (function(){
|
var github = (function(){
|
||||||
|
function escapeHtml(str) {
|
||||||
|
return $('<div/>').text(str).html();
|
||||||
|
}
|
||||||
function render(target, repos){
|
function render(target, repos){
|
||||||
var i = 0, fragment = '', t = $(target)[0];
|
var i = 0, fragment = '', t = $(target)[0];
|
||||||
|
|
||||||
for(i = 0; i < repos.length; i++) {
|
for(i = 0; i < repos.length; i++) {
|
||||||
fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+(repos[i].description||'')+'</p></li>';
|
fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+escapeHtml(repos[i].description||'')+'</p></li>';
|
||||||
}
|
}
|
||||||
t.innerHTML = fragment;
|
t.innerHTML = fragment;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user