escape html

2012-09-02 00:29:48 -07:00
parent 7007814638
commit d22feb1b8b
1 changed files with 12 additions and 12 deletions
--- a/lms/templates/discussion/_underscore_templates.html
+++ b/lms/templates/discussion/_underscore_templates.html
@@ -26,19 +26,19 @@
 </script>

 <script type="text/template" id="thread-template">
-    <article class="discussion-article" data-id="${'<%= id %>'}">
+    <article class="discussion-article" data-id="${'<%- id %>'}">
        <a href="#" class="dogear"></a>
        <div class="discussion-post">
            <header>
-                <a href="#" class="vote-btn discussion-vote discussion-vote-up"><span class="plus-icon">+</span> <span class='votes-count-number'>${'<%= votes["up_count"] %>'}</span></a>
-                <h1>${'<%= title %>'}</h1>
+                <a href="#" class="vote-btn discussion-vote discussion-vote-up"><span class="plus-icon">+</span> <span class='votes-count-number'>${'<%- votes["up_count"] %>'}</span></a>
+                <h1>${'<%- title %>'}</h1>
                <p class="posted-details">
-                    <span class="timeago" title="${'<%= created_at %>'}">sometime</span> by
-                    <a href="${'<%= user_url %>'}">${'<%= username %>'}</a>
+                    <span class="timeago" title="${'<%- created_at %>'}">sometime</span> by
+                    <a href="${'<%- user_url %>'}">${'<%- username %>'}</a>
                </p>
            </header>
            <div class="post-body">
-                ${'<%= body %>'}
+                ${'<%- body %>'}
            </div>
        </div>
        <ol class="responses">
@@ -57,11 +57,11 @@

 <script type="text/template" id="thread-response-template">
    <header>
-        <a href="#" class="vote-btn" data-tooltip="vote"><span class="plus-icon"></span><span class="votes-count-number">${"<%= votes['up_count'] %>"}</span></a>
-        <a href="${'<%= user_url %>'}" class="posted-by">${"<%= username %>"}</a>
-        <p class="posted-details" title="${'<%= created_at %>'}">Sometime</p>
+        <a href="#" class="vote-btn" data-tooltip="vote"><span class="plus-icon"></span><span class="votes-count-number">${"<%- votes['up_count'] %>"}</span></a>
+        <a href="${'<%- user_url %>'}" class="posted-by">${"<%- username %>"}</a>
+        <p class="posted-details" title="${'<%- created_at %>'}">Sometime</p>
    </header>
-    <div class="response-body">${"<%= body %>"}</div>
+    <div class="response-body">${"<%- body %>"}</div>
    <ol class="comments">
        <li>
            <form class="comment-form">
@@ -72,9 +72,9 @@
 </script>

 <script type="text/template" id="response-comment-template">
-  <p>${'<%= body %>'}<span class="posted-details">–posted <span class="timeago" title="${'<%= created_at %>'}">sometime</span> by <a href="${'<%= user_url %>'}">${'<%= username %>'}</a></span></p>
+  <p>${'<%- body %>'}<span class="posted-details">–posted <span class="timeago" title="${'<%- created_at %>'}">sometime</span> by <a href="${'<%- user_url %>'}">${'<%- username %>'}</a></span></p>
 </script>

 <script type="text/template" id="thread-list-item-template">
-    <a href="${'<%= id %>'}" data-id="${'<%= id %>'}"><span class="title">${"<%= title %>"}</span> <span class="comments-count">${"<%= comments_count %>"}</span><span class="votes-count">+${"<%= votes['up_count'] %>"}</span></a>
+    <a href="${'<%- id %>'}" data-id="${'<%- id %>'}"><span class="title">${"<%- title %>"}</span> <span class="comments-count">${"<%- comments_count %>"}</span><span class="votes-count">+${"<%- votes['up_count'] %>"}</span></a>
 </script>