Skip to content

Commit

Permalink
Properly escape all relevant html entities
Browse files Browse the repository at this point in the history 
Avoid problems with files named things like '<img>' and so on.
  • Loading branch information
@isaacs
isaacs committed Feb 18, 2014
1 parent 358c5fc commit 5a0c188
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion st.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -455,7 +455,13 @@ Mount.prototype._loadIndex = function (p, cb) {

Object.keys(data).map(function (f) {
var d = data[f]
var name = f.replace(/"/g, '&quot;')

var name = f
.replace(/"/g, '&quot;')
.replace(/>/g, '&lt;')
.replace(/</g, '&gt;')

This comment has been minimized.

Sign in to view

Copy link
@alexrothenberg

alexrothenberg Mar 24, 2014

Aren't &lt and &gt reversed?
.replace(/'/g, '&#39;')

if (d.size === '-') name += '/'
var showName = name.replace(/^(.{40}).{3,}$/, '$1..>')
nameLen = Math.max(nameLen, showName.length)
Expand Down

0 comments on commit 5a0c188

Please sign in to comment.