From bcdc904843d09ab686a1e380019bfdf2f145a665 Mon Sep 17 00:00:00 2001
From: Thomas Rix <tom@rixth.org>
Date: Wed, 2 Jan 2013 20:55:09 -0800
Subject: [PATCH] Escape github repo descriptions, as they may contain HTML.

---
 .themes/classic/source/javascripts/github.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.themes/classic/source/javascripts/github.js b/.themes/classic/source/javascripts/github.js
index 9e98b8c..27a5a23 100644
--- a/.themes/classic/source/javascripts/github.js
+++ b/.themes/classic/source/javascripts/github.js
@@ -1,9 +1,12 @@
 var github = (function(){
+  function escapeHtml(str) {
+    return $('<div/>').text(str).html();
+  }
   function render(target, repos){
     var i = 0, fragment = '', t = $(target)[0];
 
     for(i = 0; i < repos.length; i++) {
-      fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+(repos[i].description||'')+'</p></li>';
+      fragment += '<li><a href="'+repos[i].html_url+'">'+repos[i].name+'</a><p>'+escapeHtml(repos[i].description||'')+'</p></li>';
     }
     t.innerHTML = fragment;
   }
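Review bot: Only `description` is escaped on the new `fragment` line; `repos[i].name` and `repos[i].html_url` from the same response objects are still concatenated raw into the string assigned to `t.innerHTML`. Wrapping the name the same way, `'+escapeHtml(repos[i].name)+'`, would close that gap. The `href` value sits inside a double-quoted attribute, and `$('<div/>').text(str).html()` serializes a text node, so it encodes `&`, `<` and `>` but leaves `"` alone. To make the helper safe there as well, it could end with `.html().replace(/"/g, '&quot;');`, or the list items could be built with `.text()` and `.attr('href', …)` instead of string concatenation. Whether GitHub's own constraints on names and URLs already rule this out cannot be seen from the hunk, and the enclosing `github` closure continues past it.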