Skip to content
This repository was archived by the owner on Jun 12, 2018. It is now read-only.

Commit a0c620a

Browse files
author
James Yu
committed
escape content
1 parent 86d10e9 commit a0c620a

File tree

3 files changed

+1346
-810
lines changed

3 files changed

+1346
-810
lines changed

index.html

+3-3
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
<title>Parse JavaScript Todo App</title>
66
<link href="css/todos.css" media="all" rel="stylesheet" type="text/css"/>
77
<script src="http://code.jquery.com/jquery-2.0.3.min.js"></script>
8-
<script src="js/underscore-1.1.6.js"></script>
8+
<script src="js/underscore.js"></script>
99
<script src="http://www.parsecdn.com/js/parse-1.2.13.min.js"></script>
1010
<script src="js/todos.js"></script>
1111
</head>
@@ -79,10 +79,10 @@ <h2>Sign Up</h2>
7979
<li class="<%= done ? 'completed' : '' %>">
8080
<div class="view">
8181
<input class="toggle" type="checkbox" <%= done ? 'checked="checked"' : '' %>>
82-
<label class="todo-content"><%= content %></label>
82+
<label class="todo-content"><%= _.escape(content) %></label>
8383
<button class="todo-destroy"></button>
8484
</div>
85-
<input class="edit" value="<%= content %>">
85+
<input class="edit" value="<%= _.escape(content) %>">
8686
</li>
8787
</script>
8888

0 commit comments

Comments
 (0)