Permalink
Browse files

fix #547 and escape string when only JS in the live output (first ver…

…sion was on wrong branch)
  • Loading branch information...
1 parent dd14dfb commit 3f5cc6c716746dca8b6bc82be9fb56a8a2290daa @remy remy committed Mar 24, 2013
Showing with 5 additions and 1 deletion.
  1. +5 −1 public/js/render/render.js
@@ -108,7 +108,11 @@ function getPreparedCode(nojs) {
// contains '$$' it's replaced to '$' - thus breaking Prototype code. This method
// gets around the problem.
if (!hasHTML && hasJS) {
- source = "<pre>\n" + js + "</pre>";
+ source = "<pre>\n" + js.replace(/[<>&]/g, function (m) {
+ if (m == '<') return '&lt;';
+ if (m == '>') return '&gt;';
+ if (m == '"') return '&quot;';
+ }) + "</pre>";
} else if (re.code.test(source)) {
parts = source.split('%code%');
source = parts[0] + js + parts[1];

0 comments on commit 3f5cc6c

Please sign in to comment.