Escape file titles in recovery page

benweet 2013-11-03 22:34:41 +00:00
parent d9b3b95f46
commit 81db48c1a9


@ -42,6 +42,21 @@
elt.className = elt.className.replace(/ hide/, ''); elt.className = elt.className.replace(/ hide/, '');
} }
var entityMap = {
"&": "&",
"<": "&lt;",
">": "&gt;",
'"': '&quot;',
"'": '&#39;',
"/": '&#x2F;'
};
function escapeHtml(string) {
return String(string).replace(/[&<>"'\/]/g, function(s) {
return entityMap[s];
});
}
function listFiles() { function listFiles() {
// List files // List files
var fileListElt = document.querySelector('.file-list'); var fileListElt = document.querySelector('.file-list');
@ -56,7 +71,7 @@
'<a href="javascript:removeFile(\'', '<a href="javascript:removeFile(\'',
fileIndex, fileIndex,
'\')" class="icon-trash"></a> ', '\')" class="icon-trash"></a> ',
fileTitle, escapeHtml(fileTitle),
].join(''); ].join('');
fileListElt.appendChild(divElt); fileListElt.appendChild(divElt);
} }
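Review bot: In the second hunk `fileIndex` is still concatenated unescaped into `href="javascript:removeFile('…')"`, and `escapeHtml` would not be the right encoder there anyway, because the value sits inside a JavaScript string, inside a URL, inside an HTML attribute. Whether the index can be influenced by stored or imported data is not visible here, but building the row with DOM APIs (a `data-file-index` attribute, `addEventListener`, and a text node for the title) removes the need for escaping in either position. The joined array starts above the hunk, so its leading parts would need the same treatment. Separately, the page shows the map entry as `"&": "&"`; if that is the file's real content rather than a rendering artifact, entity sequences in a title are decoded on display, and it should read `"&": "&amp;"`.

```javascript
// … unchanged: divElt creation and the leading markup that is outside the hunk …
var removeElt = document.createElement('a');
removeElt.href = '#';
removeElt.className = 'icon-trash';
// Keep the index as data rather than as code inside a javascript: URL.
removeElt.setAttribute('data-file-index', fileIndex);
removeElt.addEventListener('click', function(evt) {
    evt.preventDefault();
    removeFile(this.getAttribute('data-file-index'));
});
divElt.appendChild(removeElt);
// A text node is never parsed as markup, so the title needs no escaping.
divElt.appendChild(document.createTextNode(' ' + fileTitle));
fileListElt.appendChild(divElt);
```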