@ -1,5 +1,9 @@
'use strict' ;
function htmlEncode ( text ) {
return jQuery ( '<div />' ) . text ( text ) . html ( )
}
var csrf ;
var suburl ;
@ -312,12 +316,12 @@ function initCommentForm() {
switch ( input _id ) {
case '#milestone_id' :
$list . find ( '.selected' ) . html ( '<a class="item" href=' + $ ( this ) . data ( 'href' ) + '>' +
( this ) . text ( ) + '</a>' ) ;
htmlEncode( $( this ) . text ( ) ) + '</a>' ) ;
break ;
case '#assignee_id' :
$list . find ( '.selected' ) . html ( '<a class="item" href=' + $ ( this ) . data ( 'href' ) + '>' +
'<img class="ui avatar image" src=' + $ ( this ) . data ( 'avatar' ) + '>' +
( this ) . text ( ) + '</a>' ) ;
htmlEncode( $( this ) . text ( ) ) + '</a>' ) ;
}
$ ( '.ui' + select _id + '.list .no-select' ) . addClass ( 'hide' ) ;
$ ( input _id ) . val ( $ ( this ) . data ( 'id' ) ) ;
@ -1456,7 +1460,7 @@ function searchUsers() {
$ . each ( response . data , function ( i , item ) {
var title = item . login ;
if ( item . full _name && item . full _name . length > 0 ) {
title += ' (' + . full _name + ')' ;
title += ' (' + htmlEncode( item. full _name ) + ')' ;
}
items . push ( {
title : title ,
@ -2510,7 +2514,7 @@ function initTopicbar() {
if ( res . topics ) {
formattedResponse . success = true ;
for ( var i = 0 ; i < res . topics . length ; i ++ ) {
formattedResponse . results . push ( { "description" : res . topics [ i ] . Name , "data-value" : res . topics [ i ] . Name } )
formattedResponse . results . push ( { "description" : res . topics [ i ] . Name , "data-value" : res . topics [ i ] . Name } )
}
}
@ -2631,7 +2635,7 @@ function initIssueList() {
// Parse the response from the api to work with our dropdown
$ . each ( response , function ( index , issue ) {
filteredResponse . results . push ( {
'name' : '#' + issue . number + ' ' + . title ,
'name' : '#' + issue . number + ' ' + htmlEncode( issue. title ) ,
'value' : issue . id
} ) ;
} ) ;
techknowlogick
5 years ago
committed by
GitHub