TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-04 08:54:36 +03:00
Code Issues Projects Releases Wiki Activity

Properly display escaped tags in editor.

Browse Source 
fixes #2149, fixes #2453
- Escape tag before displaying in editor tag widget
This commit is contained in:
Fabian Becker 2014-02-08 12:56:55 +01:00
parent 4c3bb83df0
commit badd4a0655
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ghost/admin/views/editor-tag-widget.js
View File

@ -45,7 +45,7 @@
if (tags) {
_.forEach(tags, function (tag) {
var $tag = $('<span class="tag" data-tag-id="' + tag.id + '">' + tag.name + '</span>');
var $tag = $('<span class="tag" data-tag-id="' + tag.id + '">' + _.escape(tag.name) + '</span>');
$tags.append($tag);
$("[data-tag-id=" + tag.id + "]")[0].scrollIntoView(true);
});
@ -120,11 +120,14 @@
_.each(matchingTags, function (matchingTag) {
var highlightedName,
suggestionHTML;
highlightedName = matchingTag.name.replace(regexPattern, "<mark>$1</mark>");
highlightedName = matchingTag.name.replace(regexPattern, function (match, p1) {
return "<mark>" + _.escape(p1) + "</mark>";
});
/*jslint regexp: true */ // - would like to remove this
highlightedName = highlightedName.replace(/(<mark>[^<>]*)((<[^>]+>)+)([^<>]*<\/mark>)/, "$1</mark>$2<mark>$4");
highlightedName = highlightedName.replace(/(<mark>[^<>]*)((<[^>]+>)+)([^<>]*<\/mark>)/, function (match, p1, p2, p3, p4) {
return _.escape(p1) + '</mark>' + _.escape(p2) + '<mark>' + _.escape(p4);
});
suggestionHTML = "<li data-tag-id='" + matchingTag.id + "' data-tag-name='" + _.escape(matchingTag.name) + "'><a href='#'>" + highlightedName + "</a></li>";
this.$suggestions.append(suggestionHTML);
}, this);
@ -277,7 +280,7 @@
},
addTag: function (tag) {
var $tag = $('<span class="tag" data-tag-id="' + tag.id + '">' + tag.name + '</span>');
var $tag = $('<span class="tag" data-tag-id="' + tag.id + '">' + _.escape(tag.name) + '</span>');
this.$('.tags').append($tag);
$(".tag").last()[0].scrollIntoView(true);
window.scrollTo(0, 1);