Added html escaping.

2015-01-20 01:33:49 +01:00 · 2015-01-20 01:33:49 +01:00 · aebb5ad4b4
commit aebb5ad4b4
parent 0879e4e296
1 changed files with 2 additions and 2 deletions
--- a/app/assets/javascripts/app/lib/base/jquery.textmodule.js
+++ b/app/assets/javascripts/app/lib/base/jquery.textmodule.js
@ -351,9 +351,9 @@
    console.log('result', term, result)
    for (var i = 0; i < result.length; i++) {
      var item = result[i]
-      var template = "<li><a href=\"#\" class=\"u-textTruncate\" data-id=" + item.id + ">" + item.name
+      var template = "<li><a href=\"#\" class=\"u-textTruncate\" data-id=" + item.id + ">" + App.Utils.htmlEscape(item.name)
      if (item.keywords) {
-        template = template + " (" + item.keywords + ")"
+        template = template + " (" + App.Utils.htmlEscape(item.keywords) + ")"
      }
      template = template + "</a></li>"
      this.$widget.find('ul').append(template)