Permalink
Browse files

Merge pull request #13 from droptype/master

HTML escaping
  • Loading branch information...
2 parents 8ff8f80 + 8830685 commit 464d47915490be2b11f5fbb5cc3558a2f5aceddc @freqdec committed Sep 27, 2012
Showing with 17 additions and 7 deletions.
  1. +17 −7 js/jquery.slabtext.js
View
24 js/jquery.slabtext.js
@@ -38,12 +38,12 @@
$.extend(settings, options);
};
- var $this = $(this),
+ var $this = $(this),
keepSpans = $("span.slabtext", $this).length,
- words = keepSpans ? [] : String($.trim($this.text())).replace(/\s{2,}/g, " ").split(" "),
- origFontSize = null,
- idealCharPerLine = null,
- fontRatio = settings.fontRatio,
+ words = keepSpans ? [] : String($.trim($this.text())).replace(/\s{2,}/g, " ").split(" "),
+ origFontSize = null,
+ idealCharPerLine = null,
+ fontRatio = settings.fontRatio,
forceNewCharCount = settings.forceNewCharCount,
headerBreakpoint = settings.headerBreakpoint,
viewportBreakpoint = settings.viewportBreakpoint,
@@ -132,13 +132,23 @@
// use that one for the line
if((preDiff < postDiff) && (preText.length > 2)) {
finalText = preText;
- wordIndex--;
+ wordIndex--;
// otherwise, use the longer string for the line
} else {
finalText = postText;
};
- lineText.push('<span class="slabtext">' + $.trim(settings.wrapAmpersand ? finalText.replace("&", '<span class="amp">&amp;</span>') : finalText) + "</span>");
+ // HTML-escape the text
+ finalText = $('<div/>').text(finalText).html()
+
+ // Wrap ampersands in spans with class `amp` for specific styling
+ if(settings.wrapAmpersand) {
+ finalText = finalText.replace(/&amp;/g, '<span class="amp">&amp;</span>');
+ }
+
+ finalText = $.trim(finalText)
+
+ lineText.push('<span class="slabtext">' + finalText + "</span>");
};
$this.html(lineText.join(" "));

0 comments on commit 464d479

Please sign in to comment.