Escape code mode

author Chip Black <bytex64@bytex64.net>

Sun, 23 Mar 2014 08:46:31 +0000 (03:46 -0500)

committer Chip Black <bytex64@bytex64.net>

Sun, 23 Mar 2014 08:46:31 +0000 (03:46 -0500)
author Chip Black <bytex64@bytex64.net>
Sun, 23 Mar 2014 08:46:31 +0000 (03:46 -0500)
committer Chip Black <bytex64@bytex64.net>
Sun, 23 Mar 2014 08:46:31 +0000 (03:46 -0500)
diff --git a/www/jssrc/blerg/Util.js b/www/jssrc/blerg/Util.js

index 8706f81..6e99f46 100644 (file)
--- a/www/jssrc/blerg/Util.js
+++ b/www/jssrc/blerg/Util.js
@@ -77,6 +77,8 @@ blerg.Util.blergFormat = function(text) {
                  out.push('<p>');
                  githubCodeMode = false;
              } else {
+                // Sanitize HTML input
+                l = l.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
                  out.push(l + "\n");
              }
              return;
@@ -94,6 +96,8 @@ blerg.Util.blergFormat = function(text) {
                  out.push('<pre>');
                  codeMode = true;
              }
+            // Sanitize HTML input
+            l = l.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
              out.push(l.substr(4) + "\n");
              return;
          } else {
author	Chip Black <bytex64@bytex64.net>
	Sun, 23 Mar 2014 08:46:31 +0000 (03:46 -0500)
committer	Chip Black <bytex64@bytex64.net>
	Sun, 23 Mar 2014 08:46:31 +0000 (03:46 -0500)