fix #547 and escape string when only JS in the live output (first ver…

…sion was on wrong branch)
jsbin · Mar 24, 2013 · 3f5cc6c · 3f5cc6c
1 parent dd14dfb
commit 3f5cc6c
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/public/js/render/render.js b/public/js/render/render.js
@@ -108,7 +108,11 @@ function getPreparedCode(nojs) {
   // contains '$$' it's replaced to '$' - thus breaking Prototype code. This method
   // gets around the problem.
   if (!hasHTML && hasJS) {
-    source = "<pre>\n" + js + "</pre>";
+    source = "<pre>\n" + js.replace(/[<>&]/g, function (m) {
+          if (m == '<') return '&lt;';
+          if (m == '>') return '&gt;';
+          if (m == '"') return '&quot;';
+        }) + "</pre>";
   } else if (re.code.test(source)) {
     parts = source.split('%code%');
     source = parts[0] + js + parts[1];