Fix escaping

Some data was HTML-escaped in the API results. Now data in API results is (hopefully) all raw and clients have to escape as needed. One client is, obviously, taginfo itself and a few places have been changed to do the right escaping now. Fixes #19.
author: Jochen Topf <jochen@topf.org> 2013-01-30 22:06:36 +0100
committer: Jochen Topf <jochen@topf.org> 2013-01-30 22:06:36 +0100
commit: 59ca7dcc45cae63309795d3b30822fa06d4b7cb1 (patch)
tree: 18f54697ff03a214f4c79eedfae83183f7efb8b0 /web/viewsjs
parent: ce090c57c55e0e4d4ed36ef8274f89ff810b1fe1 (diff)
download: taginfo-59ca7dcc45cae63309795d3b30822fa06d4b7cb1.tar
taginfo-59ca7dcc45cae63309795d3b30822fa06d4b7cb1.tar.gz
3 files changed, 4 insertions, 4 deletions
diff --git a/web/viewsjs/key.js.erb b/web/viewsjs/key.js.erb
index b9c6763..e2a53bd 100644
--- a/web/viewsjs/key.js.erb
+++ b/web/viewsjs/key.js.erb
@@ -49,7 +49,7 @@ var create_flexigrid_for = {
                         hover_expand(link_to_value(key, row.value)),
                         fmt_value_with_percent(row.count, row.fraction),
                         fmt_checkmark(row.in_wiki),
-                        row.description
+                        html_escape(row.description)
                     ] };
                 });
                 delete data.data;
@@ -105,7 +105,7 @@ var create_flexigrid_for = {
                         return { 'cell': [
                             fmt_language(row.lang, row.language, row.language_en),
                             link_to_wiki(row.title),
-                            row.description,
+                            html_escape(row.description),
                             fmt_wiki_image_popup(row.image),
                             fmt_type_icon('node',     row.on_node) + 
                             fmt_type_icon('way',      row.on_way) + 
diff --git a/web/viewsjs/relation.js.erb b/web/viewsjs/relation.js.erb
index 4e9544a..f0f6bb4 100644
--- a/web/viewsjs/relation.js.erb
+++ b/web/viewsjs/relation.js.erb
@@ -75,7 +75,7 @@ var create_flexigrid_for = {
                         return { 'cell': [
                             fmt_language(row.lang, row.language, row.language_en),
                             link_to_wiki(row.title),
-                            row.description,
+                            html_escape(row.description),
                             fmt_wiki_image_popup(row.image)
                         ]};
                     })
diff --git a/web/viewsjs/tag.js.erb b/web/viewsjs/tag.js.erb
index 85c168a..f71990d 100644
--- a/web/viewsjs/tag.js.erb
+++ b/web/viewsjs/tag.js.erb
@@ -85,7 +85,7 @@ var create_flexigrid_for = {
                         return { 'cell': [
                             fmt_language(row.lang, row.language, row.language_en),
                             link_to_wiki(row.title),
-                            row.description,
+                            html_escape(row.description),
                             fmt_wiki_image_popup(row.image),
                             fmt_type_icon('node',     row.on_node) + 
                             fmt_type_icon('way',      row.on_way) +
author	Jochen Topf <jochen@topf.org>	2013-01-30 22:06:36 +0100
committer	Jochen Topf <jochen@topf.org>	2013-01-30 22:06:36 +0100
commit	59ca7dcc45cae63309795d3b30822fa06d4b7cb1 (patch)
tree	18f54697ff03a214f4c79eedfae83183f7efb8b0 /web/viewsjs
parent	ce090c57c55e0e4d4ed36ef8274f89ff810b1fe1 (diff)
download	taginfo-59ca7dcc45cae63309795d3b30822fa06d4b7cb1.tar taginfo-59ca7dcc45cae63309795d3b30822fa06d4b7cb1.tar.gz