Escape text when presenting search results

2017-06-07 16:22:36 +02:00 · 2017-06-07 16:22:36 +02:00 · 31b71eb244
commit 31b71eb244
parent 1ce4654673
1 changed files with 6 additions and 4 deletions
--- a/src/scripts/tutti/4_search.js
+++ b/src/scripts/tutti/4_search.js
@ -28,6 +28,10 @@ $(document).ready(function() {
 					hitPicture += (hit.media ? '<i class="pi-' + hit.media + '"></i>' : '<i class="dark pi-'+ hit.node_type + '"></i>');
 					hitPicture += '</div>';
 				};
+				var $span = $('<span>').addClass('project').text(hit.project.name);
+				var $searchHitName = $('<div>').addClass('search-hit-name')
+					.attr('title', hit.name)
+					.text(hit.name);

 				return '' +
 					'<a href="/nodes/'+ hit.objectID + '/redir" class="search-site-result" id="'+ hit.objectID + '">' +
@ -36,11 +40,9 @@ $(document).ready(function() {
 								hitPicture +
 								hitFree +
 							'</div>' +
-							'<div class="search-hit-name" title="' + hit.name + '">' +
-								hit.name + ' ' +
-							'</div>' +
+							$searchHitName.html() +
 							'<div class="search-hit-meta">' +
-								'<span class="project">' + hit.project.name + '</span> · ' +
+								$span.html() + ' · ' +
 								'<span class="node_type">' + hit.node_type + '</span>' +
 								hitMedia +
 							'</div>' +