@ -1,5 +1,9 @@
'use strict' ;
function htmlEncode ( text ) {
return jQuery ( '<div />' ) . text ( text ) . html ( )
}
var csrf ;
var suburl ;
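Review bot: htmlEncode is introduced without any statement of its contract, and the way it is built (`jQuery('<div />').text(text).html()`) only escapes `&`, `<` and `>` — the serialization of a text node leaves `"` and `'` untouched, so the result is safe as element content but not as an attribute value, quoted or unquoted. Since the helper is about to be used right next to string-built `href=`/`src=` attributes in initCommentForm, that limit is worth recording on the function, e.g. `/** Escapes text for use as HTML element content only; does not escape quotes, so never use for attribute values. */`. The missing semicolon after `.html()` would also be worth adding for consistency with the rest of the file.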
@ -394,12 +398,12 @@ function initCommentForm() {
switch ( input _id ) {
case '#milestone_id' :
$list . find ( '.selected' ) . html ( '<a class="item" href=' + $ ( this ) . data ( 'href' ) + '>' +
$ ( this ) . text ( ) + '</a>' ) ;
htmlEncode ( $ ( this ) . text ( ) ) + '</a>' ) ;
break ;
case '#assignee_id' :
$list . find ( '.selected' ) . html ( '<a class="item" href=' + $ ( this ) . data ( 'href' ) + '>' +
'<img class="ui avatar image" src=' + $ ( this ) . data ( 'avatar' ) + '>' +
$ ( this ) . text ( ) + '</a>' ) ;
htmlEncode ( $ ( this ) . text ( ) ) + '</a>' ) ;
}
$ ( '.ui' + select _id + '.list .no-select' ) . addClass ( 'hide' ) ;
$ ( input _id ) . val ( $ ( this ) . data ( 'id' ) ) ;
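Review bot: Only the link text is encoded in the two `.html(...)` calls; `$(this).data('href')` and `$(this).data('avatar')` are still concatenated raw into unquoted `href=` and `src=` attributes, and htmlEncode would not be the right tool there anyway because it does not escape quotes. Whether those data attributes can ever carry user-controlled values is not visible from the hunk, but building the elements through the DOM API removes the question entirely and makes the text encoding implicit, so the explicit htmlEncode calls on the two added lines become unnecessary. initCommentForm starts and ends outside this hunk.
```javascript
case '#milestone_id':
    $list.find('.selected').empty().append(
        $('<a class="item"></a>').attr('href', $(this).data('href')).text($(this).text())
    );
    break;
case '#assignee_id':
    $list.find('.selected').empty().append(
        $('<a class="item"></a>').attr('href', $(this).data('href'))
            .append($('<img class="ui avatar image">').attr('src', $(this).data('avatar')))
            .append(document.createTextNode($(this).text()))
    );
// … unchanged: hide .no-select and set input value …
```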
@ -1538,7 +1542,7 @@ function searchUsers() {
$ . each ( response . data , function ( i , item ) {
var title = item . login ;
if ( item . full _name && item . full _name . length > 0 ) {
title += ' (' + item . full _name + ')' ;
title += ' (' + htmlEncode ( item . full _name ) + ')' ;
}
items . push ( {
title : title ,
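Review bot: `item.login` on the first line of the block is still concatenated unencoded into the same `title` string that the commit now encodes `item.full_name` into; encoding one part of a string that is evidently rendered as HTML but not the other leaves the check incomplete. If the server restricts login characters this may be harmless in practice, but that assumption is not visible here and the cheaper fix is to treat both fields the same: `var title = htmlEncode(item.login);`. searchUsers starts and ends outside this hunk.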
@ -2813,7 +2817,7 @@ function initIssueList() {
// Parse the response from the api to work with our dropdown
$ . each ( response , function ( index , issue ) {
filteredResponse . results . push ( {
'name' : '#' + issue . number + ' ' + issue . title ,
'name' : '#' + issue . number + ' ' + htmlEncode ( issue . title ) ,
'value' : issue . id
} ) ;
} ) ;
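Review bot: Nothing in the hunk records why `issue.title` must pass through htmlEncode here; the fix depends on the dropdown rendering `name` as HTML rather than text, and without that invariant written down the call reads as redundant and is easy to drop in a later cleanup. A comment on the changed line such as `// 'name' is rendered as HTML by the dropdown, so user-supplied title must be encoded` would pin it. `issue.number` is presumably numeric and can stay as is, but that is inferred from its use, not visible in the hunk.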