FIX: Title text should be correctly escaped since we are generating a raw html.

This commit is contained in:
Harry Seo 2013-12-18 12:18:59 +09:00
parent 39a360f6e3
commit dfc95d0f6f

View File

@ -289,7 +289,7 @@ Handlebars.registerHelper('number', function(property, options) {
var result = "<span class='" + classNames + "'"; var result = "<span class='" + classNames + "'";
if (n !== title) { if (n !== title) {
result += " title='" + title + "'"; result += " title='" + Handlebars.Utils.escapeExpression(title) + "'";
} }
result += ">" + n + "</span>"; result += ">" + n + "</span>";