
HTML-escape the text.

Without this, HTML-unsafe characters, like < and >, don't get preserved.
1 parent 587e182 commit 8830685dc0fcef780735f04fc772d9164dfb9ef8 @alecperkins alecperkins committed Sep 25, 2012
Showing with 11 additions and 1 deletion.
  1. +11 −1 js/jquery.slabtext.js
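--- a/js/jquery.slabtext.js
+++ b/js/jquery.slabtext.js
@@ -138,7 +138,17 @@
 finalText = postText;
 };
- lineText.push('<span class="slabtext">' + $.trim(settings.wrapAmpersand ? finalText.replace(/&/g, '<span class="amp">&amp;</span>') : finalText) + "</span>");
+ // HTML-escape the text
+ finalText = $('<div/>').text(finalText).html()
+
+ // Wrap ampersands in spans with class `amp` for specific styling
+ if(settings.wrapAmpersand) {
+ finalText = finalText.replace(/&amp;/g, '<span class="amp">&amp;</span>');
+ }
+
+ finalText = $.trim(finalText)
+
+ lineText.push('<span class="slabtext">' + finalText + "</span>");
 };
 $this.html(lineText.join(" "));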
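Review bot: The comment `// HTML-escape the text` does not say why the escape is required or that the steps after it depend on it: `finalText` is concatenated into a `<span>` string and the joined result is handed to `$this.html(...)`, so any `<`, `>` or `&` left unescaped would be parsed as markup rather than shown as text. I would word it as `// Escape before building markup: the joined lines go to $this.html(), so raw < > & would be parsed as HTML`, and add to the ampersand comment that the pattern must stay `/&amp;/g` because it now runs on already-escaped text. The `.text().html()` round trip encodes `&`, `<` and `>` but not quotes, which is enough for element content as used here but not for an attribute value, and that limit is worth a few words in the comment as well. The two added assignments (`finalText = $('<div/>').text(finalText).html()` and `finalText = $.trim(finalText)`) end without a semicolon while the surrounding lines use them. The enclosing block and function begin and end outside the hunk, so any other path that feeds `.html()` could not be checked from here.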
