Escape HTML in commit messages. Fixes #22
lilyball committed May 14, 2008
1 parent ceed7d1 commit 019f7ea
Showing 3 changed files with 22 additions and 2 deletions.
1 change: 1 addition & 0 deletions ApplicationController.rb
@@ -13,6 +13,7 @@
$:.unshift(libdir, "#{libdir}/grit/lib", "#{libdir}/mime-types/lib")
require 'grit'
require 'time_extensions'
require 'string_hacks'
require 'InfoWindowController'

OSX.ns_import 'CommitSummaryCell'
4 changes: 2 additions & 2 deletions CommitsController.rb
@@ -151,9 +151,9 @@ def update_main_document
diffs = []
doc = @commit_details.mainFrame.DOMDocument
title, message = active_commit.message.split("\n", 2)
set_html("title", title.strip.gsub("\n", "<br />"))
set_html("title", title.escapeHTML.strip.gsub("\n", "<br />"))
if message
set_html("message", message.strip.gsub("\n", "<br />"))
set_html("message", message.escapeHTML.strip.gsub("\n", "<br />"))
show_element("message")
else
hide_element("message")
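Review bot: The escape is added at the two call sites rather than at the `set_html` sink, so any other commit-derived string passed to `set_html` (author, paths, diff text) is still inserted as markup unless each caller remembers `.escapeHTML`. update_main_document starts and ends outside this hunk, so whether such calls exist cannot be confirmed from here. The ordering on the new lines is correct (escape first, then add `<br />`), and a comment like `# escape before inserting <br />, or the tags would be escaped too` would keep a later edit from swapping them.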
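--- a/lib/string_hacks.rb
+++ b/lib/string_hacks.rb
@@ -0,0 +1,19 @@
+class String
+HTML_ESCAPES = {
+?& => "amp",
+?" => "quot",
+?< => "lt",
+?> => "gt"
+}.freeze
+
+def escapeHTML
+self.split("").collect { |x| HTML_ESCAPES.key?(x.ord) ? "&#{HTML_ESCAPES[x.ord]};" : x }.join("")
+end
+
+# Ruby 1.9 forward-compatibility
+unless String.method_defined?(:ord)
+define_method :ord do
+self[0]
+end
+end
+end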
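Review bot: The lookup in `escapeHTML` depends on `?&` being an Integer, which holds only on Ruby 1.8; from 1.9 on `?&` is the one-character String `"&"` while `x.ord` is an Integer, so `HTML_ESCAPES.key?(x.ord)` is never true and the method returns its input unescaped without raising. The `ord` shim at the end of the class does not cover this. Keying the table by String (`"&" => "amp"`, and so on) and writing the body as `gsub(/[&"<>]/) { |c| "&#{HTML_ESCAPES[c]};" }` behaves the same on both versions, or the method can delegate to the standard library with `CGI.escapeHTML(self)`. The table also leaves `'` alone, which is fine for element content as used in this commit but not for single-quoted attribute values; a comment such as `# safe for element content and double-quoted attributes only` would record that.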
