diff --git a/ApplicationController.rb b/ApplicationController.rb
index 85e059f..605de7a 100644
--- a/ApplicationController.rb
+++ b/ApplicationController.rb
@@ -13,6 +13,7 @@
$:.unshift(libdir, "#{libdir}/grit/lib", "#{libdir}/mime-types/lib")
require 'grit'
require 'time_extensions'
+require 'string_hacks'
require 'InfoWindowController'
OSX.ns_import 'CommitSummaryCell'
diff --git a/CommitsController.rb b/CommitsController.rb
index 178cf5b..67cec8d 100644
--- a/CommitsController.rb
+++ b/CommitsController.rb
@@ -151,9 +151,9 @@ def update_main_document
diffs = []
doc = @commit_details.mainFrame.DOMDocument
title, message = active_commit.message.split("\n", 2)
- set_html("title", title.strip.gsub("\n", "
"))
+ set_html("title", title.escapeHTML.strip.gsub("\n", "
"))
if message
- set_html("message", message.strip.gsub("\n", "
"))
+ set_html("message", message.escapeHTML.strip.gsub("\n", "
"))
show_element("message")
else
hide_element("message")
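Review bot: Escaping is applied only at these two `set_html` call sites, so any other commit-derived value that `update_main_document` writes into the web view remains raw unless it gets the same treatment. The method starts and ends outside this hunk, so whether it passes an author name, paths or diff text to `set_html` cannot be confirmed from here. Commit metadata is written by whoever authored the repository history, so it should be treated as untrusted wherever it reaches `set_html`. A short comment above the first call would record the required order for later callers, e.g. `# commit text is untrusted: escapeHTML first, then add our own markup`.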
diff --git a/lib/string_hacks.rb b/lib/string_hacks.rb
new file mode 100644
index 0000000..e66045e
--- /dev/null
+++ b/lib/string_hacks.rb
@@ -0,0 +1,19 @@
+class String
+ HTML_ESCAPES = {
+ ?& => "amp",
+ ?" => "quot",
+ ?< => "lt",
+ ?> => "gt"
+ }.freeze
+
+ def escapeHTML
+ self.split("").collect { |x| HTML_ESCAPES.key?(x.ord) ? "{HTML_ESCAPES[x.ord]};" : x }.join("")
+ end
+
+ # Ruby 1.9 forward-compatibility
+ unless String.method_defined?(:ord)
+ define_method :ord do
+ self[0]
+ end
+ end
+end
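Review bot: In `escapeHTML` the `HTML_ESCAPES` keys are `?&`-style character literals while the lookup uses `x.ord`. On Ruby 1.8 both are integers, but on 1.9+ `?&` is a one-character String and `x.ord` is an Integer, so `key?` never matches and the input comes back unescaped, which defeats the forward-compatibility shim below it. Because this method is the only escaping between commit text and `set_html`, a silent no-op would bring back the markup injection this commit closes. Keying the table by strings and looking up `x` directly removes the version dependence, or the method can delegate to the standard library with `require 'cgi'` and `def escapeHTML; CGI.escapeHTML(self); end`, which on current Rubies also escapes `'`. As rendered on this page the replacement literal reads `"{HTML_ESCAPES[x.ord]};"` with no `&#` before the brace; this is probably an extraction artifact, but it is worth confirming against the file.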