incubator-allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject git commit: [#6889] use .text() instead of .html() to avoid html insertion of end-user input
Date Mon, 18 Nov 2013 15:45:52 GMT
Updated Branches:
  refs/heads/master 2f8d3446c -> 3a82e9de5


[#6889] use .text() instead of .html() to avoid html insertion of end-user input


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/3a82e9de
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/3a82e9de
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/3a82e9de

Branch: refs/heads/master
Commit: 3a82e9de57a45d54888a0b84389a308fbc266887
Parents: 2f8d344
Author: Dave Brondsema <dbrondsema@slashdotmedia.com>
Authored: Mon Nov 18 15:32:41 2013 +0000
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Mon Nov 18 15:32:41 2013 +0000

----------------------------------------------------------------------
 Allura/allura/lib/widgets/forms.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/3a82e9de/Allura/allura/lib/widgets/forms.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/forms.py b/Allura/allura/lib/widgets/forms.py
index bf96445..4e1dae4 100644
--- a/Allura/allura/lib/widgets/forms.py
+++ b/Allura/allura/lib/widgets/forms.py
@@ -920,7 +920,7 @@ class NeighborhoodAddProjectForm(ForgeForm):
                             };
                             $.getJSON('suggest_name', data, function(result){
                                 $unixname_input.val(result.suggested_name);
-                                $url_fragment.html(result.suggested_name);
+                                $url_fragment.text(result.suggested_name);
                                 check_names();
                             });
                         } else {
@@ -932,7 +932,7 @@ class NeighborhoodAddProjectForm(ForgeForm):
                     manual = true;
                 });
                 $unixname_input.keyup(function(){
-                    $url_fragment.html($unixname_input.val());
+                    $url_fragment.text($unixname_input.val());
                     delay(check_names, 500);
                 });
             });


Mime
View raw message