
Merge pull request #914 from rixth/master

Escape github repo descriptions, as they may contain HTML.
2 parents c814560 + bcdc904 commit 0a2fb6c4d86b845d4a80addaf51f7dce1fec03f6 @imathis imathis committed Jan 3, 2013
Showing with 4 additions and 1 deletion.
  1. +4 −1 .themes/classic/source/javascripts/github.js
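--- a/.themes/classic/source/javascripts/github.js
+++ b/.themes/classic/source/javascripts/github.js
@@ -1,9 +1,12 @@
 var github = (function(){
+function escapeHtml(str) {
+return $('<div/>').text(str).html();
+}
 function render(target, repos){
 var i = 0, fragment = '', t = $(target)[0];
 for(i = 0; i < repos.length; i++) {
-fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+(repos[i].description||'')+'</p></li>';
+fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+escapeHtml(repos[i].description||'')+'</p></li>';
 }
 t.innerHTML = fragment;
 }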
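Review bot: The new `fragment +=` line escapes only `description`; `repos[i].name` and `repos[i].html_url` are still concatenated raw into the string assigned to `t.innerHTML`, so the markup still trusts the API response for those two fields. `escapeHtml` as written goes through `.text().html()`, which encodes `&`, `<` and `>` but leaves quotes alone, so it is not sufficient for the `href` attribute unless quotes are encoded too, e.g. `return $('<div/>').text(str).html().replace(/"/g, '&quot;').replace(/'/g, '&#39;');`. With that in place the link could become `'<a href="'+escapeHtml(repos[i].html_url)+'">'+escapeHtml(repos[i].name)+'</a>'`; GitHub presumably constrains both values, but the widget should not depend on that. The enclosing `github` closure continues past the end of the hunk.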
