author | Timotej Lazar <timotej.lazar@araneo.org> | 2015-09-18 12:58:03 +0200 |
---|---|---|
committer | Timotej Lazar <timotej.lazar@araneo.org> | 2015-09-18 12:58:03 +0200 |
commit | 0b7d370286ba2d0a7d35c1b9180425b6212b10f8 (patch) | |
tree | 7b6b95661a9680d195575bb06239c24439674a5e /js | |
parent | d53f6ca305da14cea431433601ba20835872c83d (diff) |
Escape HTML in hint template parameters
Diffstat (limited to 'js')
-rw-r--r-- | js/codeq/hint.js | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/js/codeq/hint.js b/js/codeq/hint.js
index a94f571..d090c4d 100644
--- a/js/codeq/hint.js
+++ b/js/codeq/hint.js
@@ -35,7 +35,9 @@
 if (!args) return template;
 return template.replace(/\[%=(\w+)%\]/g, function(match, name) {
- return args[name];
+ return args[name].replace(/&/g, '&')
+ .replace(/</g, '<')
+ .replace(/>/g, '>');
 });
 },
@@ -181,4 +183,4 @@
 }
 };
 };
-})();
\ No newline at end of file
+})(); |
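Review bot: In the first hunk the new `args[name].replace(...)` chain assumes every parameter is a string, so a number or a placeholder missing from `args` now throws a TypeError where the old `return args[name];` coerced it; calling `String(args[name])` before the chain would keep that behaviour. Only `&`, `<` and `>` are handled, which protects element content but not a parameter that a template places inside a quoted attribute, so I would add `.replace(/"/g, '&quot;').replace(/'/g, '&#39;')`. As rendered on this page the replacement strings read the same as the characters they match, presumably because the entities (`&amp;`, `&lt;`, `&gt;`) were decoded by the page; this is worth confirming against the file itself. The enclosing function starts above the hunk, so whether any caller passes trusted markup through `args` on purpose cannot be seen from here.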