
Fixed html escaping problem.

1 parent 583f7ee commit 0087a955b667799d22c0ba4182f03aae4574ca50 @zk committed Oct 13, 2010
Showing with 4 additions and 4 deletions.
  1. +2 −2 app/views/examples/_example.html.erb
  2. +2 −2 public/javascripts/cd.js
@@ -17,8 +17,8 @@
<div class="clear"></div>
<div class="content">
<pre class="brush: clojure"><%= e.body.gsub("<pre>", "").
- gsub("</pre>", "") %></pre>
+ gsub("</pre>", "").gsub("<", "&lt;").gsub(">", "&gt;") %></pre>
</div>
- <div class="hidden plain_content"><%= e.body %></div>
+ <div class="hidden plain_content"><%= e.body.gsub("<", "&lt;").gsub(">", "&gt;") %></div>
<div class="clear"></div>
</div>
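Review bot: The added `.gsub("<", "&lt;").gsub(">", "&gt;")` chains on both changed lines leave `&` unescaped, so an example body that already contains text such as `&lt;` or `&amp;` is displayed as a different character than the author wrote. Rails already provides a helper that covers `&`, `<`, `>` and `"` in one call: `<%= h(e.body.gsub("<pre>", "").gsub("</pre>", "")) %>` for the highlighted block and `<%= h(e.body) %>` for the hidden `plain_content` div. Whether this app runs on a Rails version that escapes `<%= %>` output by default is not visible here; if it does, the manual chain would double-escape, which is a further reason to rely on the framework helper instead of hand-rolled substitutions.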
@@ -128,7 +128,7 @@ CD.Examples = function() {
var textarea = el.find("textarea")
function updatePreview() {
- preview.html("<pre class='brush: clojure'>" + textarea.val() + "</pre>")
+ preview.html("<pre class='brush: clojure'>" + textarea.val().replace(/</g, "&lt;").replace(/>/g, "&gt;") + "</pre>")
SyntaxHighlighter.highlight(preview)
}
@@ -157,7 +157,7 @@ CD.Examples = function() {
example.find(".cancel").click(function(e) {
example.slideUp(function() {
- example.find(".content").html("<pre class='brush: clojure'>" + plain_content + "</pre>")
+ example.find(".content").html("<pre class='brush: clojure'>" + plain_content.replace(/</g, "&lt;").replace(/>/g, "&gt;") + "</pre>")
example.find(".edit").css('display', 'inline')
example.removeClass("editing")
SyntaxHighlighter.highlight(example)
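Review bot: The same `.replace(/</g, "&lt;").replace(/>/g, "&gt;")` chain is pasted into both `updatePreview` and the `.cancel` handler in the following hunk, and it skips `&`, so text such as `&lt;` typed into the textarea appears in the preview as `<` rather than as typed. Letting jQuery do the encoding removes the hand-built markup: `preview.empty().append($("<pre class='brush: clojure'>").text(textarea.val()))`, and the same shape with `plain_content` for `example.find(".content")`. Where `plain_content` is assigned is outside the hunk; if it is read with `.html()` from the hidden div it is already entity-encoded and should be decoded or read with `.text()` before being passed through any escaper. `CD.Examples` begins and ends outside both hunks.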
