diff options
Diffstat (limited to 'js/rss-feed-preview.js')
| -rw-r--r-- | js/rss-feed-preview.js | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/js/rss-feed-preview.js b/js/rss-feed-preview.js index 8d74709..2929622 100644 --- a/js/rss-feed-preview.js +++ b/js/rss-feed-preview.js @@ -90,6 +90,17 @@ return null; }; + const escapeHTML = (str) => { + return String(str).replace(/[&<>"'/]/g, (c) => ({ + '&': '&', + '<': '<', + '>': '>', + '"': '"', + "'": ''', + '/': '/' + }[c])); + }; + const renderFeedItems = (previewEl, items, siteName) => { if (!items || items.length === 0) { previewEl.innerHTML = '<p>No feed items found.</p>'; @@ -99,13 +110,15 @@ let html = `<h3>Latest from ${siteName}</h3><ul style="list-style: none; padding: 0; margin: 0;">`; items.forEach(item => { + const safeTitle = escapeHTML(item.title); + const safeDate = escapeHTML(new Date(item.date).toLocaleDateString()); html += ` <li style="margin-bottom: 10px; padding-bottom: 10px; border-bottom: 1px solid #eee;"> <div style="color: #24292e; font-weight: bold;"> - ${item.title} + ${safeTitle} </div> <div style="color: #586069; font-size: 12px; margin: 3px 0;"> - ${new Date(item.date).toLocaleDateString()} + ${safeDate} </div> </li> `; |