
Properly escape all relevant html entities

Avoid problems with files named things like '<img>' and so on.
1 parent 358c5fc commit 5a0c1886737a20d78ae00b61e4724ae3095f4ddd @isaacs committed Feb 18, 2014
Showing with 7 additions and 1 deletion.
  1. +7 −1 st.js
8 st.js
@@ -455,7 +455,13 @@ Mount.prototype._loadIndex = function (p, cb) {
Object.keys(data).map(function (f) {
var d = data[f]
- var name = f.replace(/"/g, '&quot;')
+
+ var name = f
+ .replace(/"/g, '&quot;')
+ .replace(/>/g, '&lt;')
+ .replace(/</g, '&gt;')
@alexrothenberg
alexrothenberg added a line comment Mar 24, 2014

Aren't &lt and &gt reversed?

+ .replace(/'/g, '&#39;')
+
if (d.size === '-') name += '/'
var showName = name.replace(/^(.{40}).{3,}$/, '$1..>')
nameLen = Math.max(nameLen, showName.length)
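Review bot: The new replace chain on `f` never escapes `&`, so a file name containing an ampersand (for example a literal `&lt;` in the name) is still emitted as a live entity reference in the generated index and is displayed, and possibly linked, as a different name. Add `.replace(/&/g, '&amp;')` as the first call in the chain, ahead of the `&quot;` replacement, so that the ampersands introduced by the later replacements are not escaped a second time. On the context line below, `showName` truncates the already-escaped string at 40 characters, which can cut an entity in half; truncating the raw name first and escaping afterwards would avoid that. The map callback and `_loadIndex` continue outside this hunk, so how `name` is placed into the markup (attribute versus text, URL-encoding of the link target) is not visible here and should be checked against the same escaping rules.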
