Escape html put into the highlighter
Ivan Virabyan committed Feb 16, 2015
1 parent 0b4b714 commit 0557c7b
Showing 2 changed files with 31 additions and 3 deletions.
15 changes: 14 additions & 1 deletion jquery.mentions.coffee
Expand Up @@ -11,6 +11,19 @@ Selection =
input[0].selectStart = start
input[0].selectionEnd = end

entityMap =
"&": "&"
"<": "&lt;"
">": "&gt;"
"\"": "&quot;"
"'": "&#39;"
"/": "&#x2F;"


escapeHtml = (text) ->
text.replace /[&<>"'\/]/g, (s) ->
entityMap[s]


settings =
delay: 0
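
Review bot: the "&" entry of entityMap reads `"&": "&"` as shown here, so an ampersand is replaced with itself; input such as `&lt;` is then rendered in the highlighter as the character it names instead of the literal text the user typed, which puts the highlighter out of step with the input. It should map to `"&amp;"`. escapeHtml also calls `text.replace` directly, so it throws when handed anything that is not a string; a short comment stating that it expects a string and is meant for HTML text and quoted-attribute contexts would help the next caller.
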
Expand Down Expand Up @@ -293,7 +306,7 @@ class MentionsInput extends MentionsBase
@_addMention(name: ui.item.value, pos: ui.item.pos, uid: ui.item.uid)

_updateValue: =>
value = hlContent = @input.val()
value = hlContent = escapeHtml(@input.val())
for mention in @mentions
markedName = @_mark(mention.name)
hlContent = hlContent.replace(markedName, "<strong>#{mention.name}</strong>")
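
Review bot: in _updateValue, mention.name is still interpolated unescaped into `<strong>#{mention.name}</strong>`, so the highlighter markup is only as safe as whatever supplied the mention name; pass it through escapeHtml at that point. Two related points on the same lines: the chained assignment now escapes `value` as well as `hlContent`, so if `value` is what gets stored or submitted it will carry entities, and it would be safer to keep `value = @input.val()` raw and set `hlContent = escapeHtml(value)`; and the replace looks up `@_mark(mention.name)` in text that has already been escaped, so a name containing any of & < > " ' / will stop matching unless the marked name is escaped the same way.
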
19 changes: 17 additions & 2 deletions jquery.mentions.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
