Skip to content

Commit

Permalink
Merge pull request #4 from lostsnow/v1
Browse files Browse the repository at this point in the history
add escape html
  • Loading branch information
lostsnow authored Feb 3, 2017
2 parents c0b5e5b + ba18822 commit 8da6071
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 4 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ Pinboard+

A better firefox add-on for [Pinboard.in](http://pinboard.in).

Current version: 1.0.0
Current version: 1.0.1

Feature
-------
Expand Down
9 changes: 7 additions & 2 deletions js/popup.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,11 @@
keyCode = { enter: 13, tab: 9, up: 38, down: 40, ctrl: 17, n: 78, p: 80, space: 32 },
SEC = 1000, MIN = SEC * 60, HOUR = MIN * 60, DAY = HOUR * 24, WEEK = DAY * 7;

var escapeHTML = function (str) {
var replacements = { "&": "&amp;", '"': "&quot;", "'": "&#39;", "<": "&lt;", ">": "&gt;" };
return str.replace(/[&"'<>]/g, (m) => replacements[m]);
}

var getTimePassed = function (date) {
var ret = { day: 0, hour: 0, min: 0, sec: 0, offset: -1 },
offset = new Date() - date, r;
Expand Down Expand Up @@ -372,7 +377,7 @@
if (item.isActive === true) {
cls = "active";
}
$("#auto-complete ul").append('<li class="' + cls + '">' + item.text + '</li>');
$("#auto-complete ul").append('<li class="' + cls + '">' + escapeHTML(item.text) + '</li>');
});
$autocomplete.show();
} else {
Expand All @@ -388,7 +393,7 @@
if ($scope.pageInfo.tag.split(' ').indexOf(suggest) != -1) {
cls += " selected";
}
$("#suggest").append('<a href="#" class="' + cls + '">' + suggest + '</a>');
$("#suggest").append('<a href="#" class="' + cls + '">' + escapeHTML(suggest) + '</a>');
});
$("#suggest").append('<a href="#" class="add-all-tag">Add all</a>')
$(".add-tag").off("click").on("click", function(){
Expand Down
2 changes: 1 addition & 1 deletion manifest.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"manifest_version": 2,
"name": "Pinboard+",
"version": "1.0.0",
"version": "1.0.1",
"description": "A better firefox extension for Pinboard (http://pinboard.in).",
"homepage_url": "https://github.com/lostsnow/pinboard-firefox",
"icons": {
Expand Down

0 comments on commit 8da6071

Please sign in to comment.