Add HTML escaping to templating in src.template.js

2025-04-13 07:17:12 +03:00 · 2016-10-26 13:01:10 +02:00 · 2016-10-26 13:01:10 +02:00 · 218c28f30e
commit 218c28f30e
parent 062abeb86a
1 changed files with 2 additions and 2 deletions
--- a/src/renderer/src.template.js
+++ b/src/renderer/src.template.js
@ -10,9 +10,9 @@ TEMPLATE.prototype.apply = function(obj, processor){
    
    if (processor){
      var updated = processor(match, value);
-      return typeof updated === "undefined" ? value : updated;
+      return typeof updated === "undefined" ? DOM.escapeHTML(value) : updated;
    }
    
-    return value;
+    return DOM.escapeHTML(value);
  });
 };