Added important notes to README.md about HTML escaping
sponomarev committed Apr 20, 2018
1 parent 77ec839 commit 255a6e6
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -42,7 +42,7 @@ cd csv-to-html-table
##### Custom formatting
If you want to do custom formatting for one or more column, you can pass in an array of arrays containing the index of the column and a custom function for formatting it. You can pass in multiple formatters and they will be executed in order.

The custom functions must take in one parameter (the value in the cell) and return a string:
The custom functions must take in one parameter (the value in the cell) and return a HTML string:

Example:

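Review bot: the new wording should read "an HTML string", and since this hunk changes the formatter's contract from returning "a string" to returning HTML, it should also spell out what that means for the caller: the returned value is inserted into the table as markup, not as text, so any part of it that comes from the cell value has to be escaped by the formatter itself. Suggested wording: "The custom functions must take in one parameter (the value in the cell) and return an HTML string. The returned string is inserted as-is, so escape any cell content you embed in it."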
Expand All @@ -69,6 +69,9 @@ Example:
</script>
```

Note that you should take care about HTML escaping to avoid [XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) or broken layout.
jQuery has a nice function [text()](https://api.jquery.com/text/) which safely escapes HTML from value.

#### 4. Run it

You can run this locally using this handy python command:
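Review bot: the escaping advice is the right point to add, but the pointer to jQuery's `text()` is misleading for this contract: `text(value)` is a setter that writes the value as the text content of a DOM element, and the no-argument form reads an element's text; neither returns an escaped string that a formatter could embed in the HTML it is now required to return. Suggest either showing the idiom that does yield an escaped string, for example `$('<div>').text(value).html()`, or recommending a dedicated HTML-escaping helper, and rewording "take care about HTML escaping" to "take care with HTML escaping". It would also help readers to state that the value passed to the formatter comes straight from the CSV, so an untrusted CSV file is the XSS source the note is warning about.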
