Fix: escaping html in familyTree properly
authorAleksander Łukasz <aleksander.lukasz@nowoczesnapolska.org.pl>
Tue, 16 Jul 2013 09:51:42 +0000 (11:51 +0200)
committerAleksander Łukasz <aleksander.lukasz@nowoczesnapolska.org.pl>
Tue, 16 Jul 2013 09:51:42 +0000 (11:51 +0200)
modules/nodeFamilyTree/nodeFamilyTree.js

index af5d4d7..0825506 100644 (file)
@@ -49,14 +49,14 @@ return function(sandbox) {
                 if(child.getText) {
                     var text = child.getText();
                     if(!text)
                 if(child.getText) {
                     var text = child.getText();
                     if(!text)
-                        text = '&lt;pusty tekst&gt;';
+                        text = '<pusty tekst>';
                     else {
                         if(text.length > 13) {
                             text = text.substr(0,13) + '...';
                         }
                         text = '"' + text + '"';
                     }
                     else {
                         if(text.length > 13) {
                             text = text.substr(0,13) + '...';
                         }
                         text = '"' + text + '"';
                     }
-                    children.push({repr: text, bold: child.sameNode(textElement)});
+                    children.push({repr: _.escape(text), bold: child.sameNode(textElement)});
                 } else {
                     children.push({repr: child.getWlxmlTag() + (child.getWlxmlClass() ? ' / ' + child.getWlxmlClass() : '')});
                 }
                 } else {
                     children.push({repr: child.getWlxmlTag() + (child.getWlxmlClass() ? ' / ' + child.getWlxmlClass() : '')});
                 }