Permalink
Browse files

Merge pull request #398 from passy/dart-escaping

dart: Escape HTML in todo rendering
  • Loading branch information...
2 parents 5b9773d + d973493 commit 14489548aafc18dc88b668cdaa027f94fc5d799a @sindresorhus sindresorhus committed Jan 17, 2013
View
4 architecture-examples/dart/web/dart/TodoWidget.dart
@@ -13,10 +13,10 @@ class TodoWidget {
<li ${todo.completed ? 'class="completed"' : ''}>
<div class='view'>
<input class='toggle' type='checkbox' ${todo.completed ? 'checked' : ''}>
- <label class='todo-content'>${todo.title}</label>
+ <label class='todo-content'>${htmlEscape(todo.title)}</label>
<button class='destroy'></button>
</div>
- <input class='edit' value='${todo.title}'>
+ <input class='edit' value='${htmlEscape(todo.title)}'>
</li>
''');
View
13 architecture-examples/dart/web/dart/app.dart
@@ -40,3 +40,16 @@ class UUID {
return random.nextInt(65536).toRadixString(16);
}
}
+
+/**
+ * Escapes HTML-special characters of [text] so that the result can be
+ * included verbatim in HTML source code, either in an element body or in an
+ * attribute value.
+ */
+String htmlEscape(String text) {
+ return text.replaceAll("&", "&amp;")
+ .replaceAll("<", "&lt;")
+ .replaceAll(">", "&gt;")
+ .replaceAll('"', "&quot;")
+ .replaceAll("'", "&apos;");
+}
View
11,934 architecture-examples/dart/web/dart/app.dart.js
3,229 additions, 8,705 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
View
7 architecture-examples/dart/web/dart/app.dart.js.map
4 additions, 3 deletions not shown because the diff is too large. Please use a local Git client to view these changes.

0 comments on commit 1448954

Please sign in to comment.