Merge pull request #1022 from mrmr1993/HTMLEscaping

Fix HTML escaping issues
author: Phil Crosby 2014-04-18 09:48:10 -0700
committer: Phil Crosby 2014-04-18 09:48:10 -0700
commit: 42309a74a4f61c6855f92780485e47bc11973d8b (patch)
tree: 24ba8155f40bbac164f90403fd53b5a44fc1906c /background_scripts/completion.coffee
parent: ea9fd000fadf46bc7d53685716c3e5fe5056350a (diff)
parent: f454304f2750eb797b0e9683a87c1bdd354b1b17 (diff)
download: vimium-42309a74a4f61c6855f92780485e47bc11973d8b.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/background_scripts/completion.coffee b/background_scripts/completion.coffee
index 92e325e1..8b30dc43 100644
--- a/background_scripts/completion.coffee
+++ b/background_scripts/completion.coffee
@@ -71,7 +71,9 @@ class Suggestion
   # Wraps each occurence of the query terms in the given string in a <span>.
   highlightTerms: (string) ->
     ranges = []
-    for term in @queryTerms
+    # Escape the terms before highlighting
+    escapedTerms = @queryTerms.map (oldTerm) -> Utils.escapeHtml(oldTerm)
+    for term in escapedTerms
       @pushMatchingRanges string, term, ranges
 
     return string if ranges.length == 0
author	Phil Crosby	2014-04-18 09:48:10 -0700
committer	Phil Crosby	2014-04-18 09:48:10 -0700
commit	42309a74a4f61c6855f92780485e47bc11973d8b (patch)
tree	24ba8155f40bbac164f90403fd53b5a44fc1906c /background_scripts/completion.coffee
parent	ea9fd000fadf46bc7d53685716c3e5fe5056350a (diff)
parent	f454304f2750eb797b0e9683a87c1bdd354b1b17 (diff)
download	vimium-42309a74a4f61c6855f92780485e47bc11973d8b.tar.bz2