diff options
| author | Jochen Topf <jochen@topf.org> | 2013-05-27 16:54:53 +0200 |
|---|---|---|
| committer | Jochen Topf <jochen@topf.org> | 2013-05-27 16:54:53 +0200 |
| commit | 5b068c32017743a9c9857594ae64c4645b1d4579 (patch) | |
| tree | 9213e1420f1ce7daba5f1ed569aee09e1e684a4c /web/viewsjs | |
| parent | 636528742eefea8316f31df4ebd66217a4f88a36 (diff) | |
| download | taginfo-5b068c32017743a9c9857594ae64c4645b1d4579.tar taginfo-5b068c32017743a9c9857594ae64c4645b1d4579.tar.gz | |
Add missing HTML escape in search results. Closes #29.
Diffstat (limited to 'web/viewsjs')
| -rw-r--r-- | web/viewsjs/search.js.erb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/viewsjs/search.js.erb b/web/viewsjs/search.js.erb index 195f2fc..d09afd7 100644 --- a/web/viewsjs/search.js.erb +++ b/web/viewsjs/search.js.erb @@ -5,7 +5,7 @@ %> function highlight(str, query) { - return str.replace(new RegExp('(' + query + ')', 'gi'), "<b>$1</b>") + return html_escape(str).replace(new RegExp('(' + html_escape(query) + ')', 'gi'), "<b>$1</b>"); } function link_to_key_with_highlight(key, query) { @@ -107,7 +107,7 @@ var create_flexigrid_for = { return { 'cell': [ fmt_with_ts(row.count_all), link_to_rtype(row.rtype), - highlight(html_escape(row.role), query) + highlight(row.role, query) ] }; }); return data; |