-rw-r--r-- | static/user/user-additions.js | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/static/user/user-additions.js b/static/user/user-additions.js
index 3b39b3ad..6d944b86 100644
--- a/static/user/user-additions.js
+++ b/static/user/user-additions.js
@@ -1,12 +1,21 @@
 window.formatters.set('description', (el, d) => {
 if (/<br\/?>/.exec(d)) {
- /* Assume that the text is HTML iff in contains a <br/> tag */
+ /* Assume that the text is HTML iff it contains a <br/> tag */
 let parser = new DOMParser();
 let doc = parser.parseFromString(d, 'text/html');
 el.replaceChildren(doc.body);
 } else {
- /* Otherwise it should be plain(er) text, parse "all" links */
- el.innerHTML = d.replaceAll(/https?:\/\/\S+/g, '<a href="$&">$&</a>');
+ /* Otherwise it should be plain(er) text, parse "all" links
+ (and reserved XML characters)
+ */
+ // TODO replace with something that doesn't use innerHTML */
+ el.innerHTML = d
+ .replaceAll(/</g, '<')
+ .replaceAll(/>/g, '>')
+ .replaceAll(/&/g, '&')
+ .replaceAll(/'/g, ''')
+ .replaceAll(/"/g, '"')
+ .replaceAll(/https?:\/\/\S+/g, '<a href="$&">$&</a>')
 }
 })
|
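Review bot: The `&` replacement in the added chain runs after the `<` and `>` replacements, so if those emit entities (the page appears to have decoded the replacement strings, so this is inferred), the ampersands they introduce are escaped a second time and a literal `<` in a description would be displayed as `&lt;`. Moving `.replaceAll(/&/g, '&amp;')` to the front of the chain fixes that while keeping the link substitution last. Separately, the unchanged `<br>` branch still parses `d` with `DOMParser` and inserts `doc.body` unfiltered, so any description that contains a `<br>` tag skips this escaping entirely. If descriptions can come from an untrusted source, that branch needs an element and attribute allow-list before `replaceChildren`, since event-handler attributes in the parsed markup may become active once the nodes are attached to the live document.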