It is still good to escape html tags not only for #177

2014-10-19 04:29:32 +04:00 · 2014-10-19 04:29:32 +04:00 · ae7429fb28
parent aa6da5f9ba
commit ae7429fb28
1 changed files with 1 additions and 1 deletions
--- a/util.js
+++ b/util.js
@ -44,7 +44,7 @@ var Util = (function (my) {
     * Escapes the given text.
     */
    my.escapeHtml = function (unsafeText) {
-        return $('<div/>').text(unsafeText).text();
+        return unsafeText.replace(/</g, '&lt;').replace(/>/g, '&gt;');
    };

    /**