From 0b7d370286ba2d0a7d35c1b9180425b6212b10f8 Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Fri, 18 Sep 2015 12:58:03 +0200 Subject: Escape HTML in hint template parameters --- js/codeq/hint.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'js') diff --git a/js/codeq/hint.js b/js/codeq/hint.js index a94f571..d090c4d 100644 --- a/js/codeq/hint.js +++ b/js/codeq/hint.js @@ -35,7 +35,9 @@ if (!args) return template; return template.replace(/\[%=(\w+)%\]/g, function(match, name) { - return args[name]; + return args[name].replace(/&/g, '&') + .replace(//g, '>'); }); }, @@ -181,4 +183,4 @@ } }; }; -})(); \ No newline at end of file +})(); -- cgit v1.2.1
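Review bot: The new callback in the first hunk calls `.replace` directly on `args[name]`, so a placeholder whose name is missing from `args`, or whose value is a number, now throws a TypeError where the old `return args[name];` let the value coerce to a string. Coercing first keeps the old tolerance, e.g. `return String(args[name]).replace(/&/g, '&amp;')` followed by the existing chain. As far as this rendering shows (the entity strings appear decoded or lost on the page), only `&`, `<` and `>` are escaped; if any hint template places a parameter inside an attribute value, quotes need escaping too, e.g. `.replace(/"/g, '&quot;').replace(/'/g, '&#39;')`. The enclosing function starts outside the hunk, so whether `template` itself is trusted cannot be checked from here.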