Added html escaping.
This commit is contained in:
parent
0879e4e296
commit
aebb5ad4b4
1 changed files with 2 additions and 2 deletions
|
@ -351,9 +351,9 @@
|
||||||
console.log('result', term, result)
|
console.log('result', term, result)
|
||||||
for (var i = 0; i < result.length; i++) {
|
for (var i = 0; i < result.length; i++) {
|
||||||
var item = result[i]
|
var item = result[i]
|
||||||
var template = "<li><a href=\"#\" class=\"u-textTruncate\" data-id=" + item.id + ">" + item.name
|
var template = "<li><a href=\"#\" class=\"u-textTruncate\" data-id=" + item.id + ">" + App.Utils.htmlEscape(item.name)
|
||||||
if (item.keywords) {
|
if (item.keywords) {
|
||||||
template = template + " (" + item.keywords + ")"
|
template = template + " (" + App.Utils.htmlEscape(item.keywords) + ")"
|
||||||
}
|
}
|
||||||
template = template + "</a></li>"
|
template = template + "</a></li>"
|
||||||
this.$widget.find('ul').append(template)
|
this.$widget.find('ul').append(template)
|
||||||
|
|
Loading…
Reference in a new issue