Escape github repo descriptions, as they may contain HTML.

This commit is contained in:
Thomas Rix 2013-01-02 20:55:09 -08:00
parent c814560c86
commit bcdc904843

View File

@ -1,9 +1,12 @@
var github = (function(){ var github = (function(){
function escapeHtml(str) {
return $('<div/>').text(str).html();
}
function render(target, repos){ function render(target, repos){
var i = 0, fragment = '', t = $(target)[0]; var i = 0, fragment = '', t = $(target)[0];
for(i = 0; i < repos.length; i++) { for(i = 0; i < repos.length; i++) {
fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+(repos[i].description||'')+'</p></li>'; fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+escapeHtml(repos[i].description||'')+'</p></li>';
} }
t.innerHTML = fragment; t.innerHTML = fragment;
} }