}
var contentHTML;
if (feature.cluster[0].attributes.name) {
+ // escaping name is necessary because it's not enclosed in another html tag.
contentHTML = "<h2>" +
- feature.cluster[0].attributes.name +
+ SYP.Utils.escapeHTML(feature.cluster[0].attributes.name) +
"</h2>" +
feature.cluster[0].attributes.description;
} else {
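Review bot: `attributes.description` on the last line of the concatenation is still appended to `contentHTML` unescaped, so the popup markup is only as safe as whatever produced the description. The new comment explains why the name is escaped but not why the description is left alone. If the description is meant to carry markup, say where it is sanitized, e.g. `// description is trusted HTML: sanitized (allow-listed tags) before it is stored`; if it is plain text, pass it through `SYP.Utils.escapeHTML` as well. The sink that receives `contentHTML` is not visible here, so this presumes it is inserted as HTML. The enclosing function starts and ends outside the hunk.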
}
div.style.display = "block";
div.appendChild(textNode);
+ },
+
+ escapeHTML: function (str) {
+ if (!str) {
+ return "";
+ }
+ return str.
+ replace(/&/gm, '&').
+ replace(/'/gm, ''').
+ replace(/"/gm, '"').
+ replace(/>/gm, '>').
+ replace(/</gm, '<');
}
}
};
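Review bot: `escapeHTML` guards with `if (!str)` and then calls `str.replace`, so a truthy non-string attribute (a number, say) throws and `0` is turned into an empty string; `if (str == null) { return ""; }` followed by `return String(str).` would cover both. The `m` flag has no effect on these patterns because none uses `^` or `$`, so `/&/g` is enough. A short doc comment should state that the result is meant for element content and quoted attribute values only, not for script, URL or unquoted-attribute contexts. The replacement strings render here as the bare characters (for example `'&'`), which looks like the page decoding entities such as `&amp;` rather than what was committed; worth confirming against the file.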