summaryrefslogtreecommitdiff
path: root/js/codeq
diff options
context:
space:
mode:
authorTimotej Lazar <timotej.lazar@araneo.org>2015-09-18 12:58:03 +0200
committerTimotej Lazar <timotej.lazar@araneo.org>2015-09-18 12:58:03 +0200
commit0b7d370286ba2d0a7d35c1b9180425b6212b10f8 (patch)
tree7b6b95661a9680d195575bb06239c24439674a5e /js/codeq
parentd53f6ca305da14cea431433601ba20835872c83d (diff)
Escape HTML in hint template parameters
Diffstat (limited to 'js/codeq')
-rw-r--r--js/codeq/hint.js6
1 files changed, 4 insertions, 2 deletions
diff --git a/js/codeq/hint.js b/js/codeq/hint.js
index a94f571..d090c4d 100644
--- a/js/codeq/hint.js
+++ b/js/codeq/hint.js
@@ -35,7 +35,9 @@
if (!args)
return template;
return template.replace(/\[%=(\w+)%\]/g, function(match, name) {
- return args[name];
+ return args[name].replace(/&/g, '&amp')
+ .replace(/</g, '&lt;')
+ .replace(/>/g, '&gt;');
});
},
@@ -181,4 +183,4 @@
}
};
};
-})(); \ No newline at end of file
+})();