diff --git a/app/helpers/github.js b/app/helpers/github.js index 6c1cffc..6f95415 100644 --- a/app/helpers/github.js +++ b/app/helpers/github.js @@ -15,6 +15,16 @@ const redis = require("redis"); const messageSlack = local("/app/helpers/slack"); const relativeDate = local("/app/modules/relative-date"); +String.prototype.escape = function() { + const tagsToReplace = { + "&": "&", + "<": "<", + ">": ">" + }; + + return this.replace(/[&<>]/g, tag => tagsToReplace[tag] || tag); +}; + // R E D I S let client; @@ -132,7 +142,7 @@ function generateEvent(event) { rel="noopener noreferrer" target="_blank" title="View this comment on GitHub" - >${event.payload.issue.title} in + >${event.payload.issue.title.escape()} in `; } else { return ` @@ -143,7 +153,7 @@ function generateEvent(event) { rel="noopener noreferrer" target="_blank" title="View this comment on GitHub" - >${event.payload.issue.title} in + >${event.payload.issue.title.escape()} in `; } @@ -161,7 +171,7 @@ function generateEvent(event) { rel="noopener noreferrer" target="_blank" title="View this issue on GitHub" - >${event.payload.issue.title} in + >${event.payload.issue.title.escape()} in `; case "PullRequestEvent": @@ -178,7 +188,7 @@ function generateEvent(event) { rel="noopener noreferrer" target="_blank" title="View this pull request on GitHub" - >${event.payload.pull_request.title} in + >${event.payload.pull_request.title.escape()} in `; case "PullRequestReviewCommentEvent": @@ -195,7 +205,7 @@ function generateEvent(event) { rel="noopener noreferrer" target="_blank" title="View this comment on GitHub" - >${event.payload.pull_request.title} in + >${event.payload.pull_request.title.escape()} in `; case "PushEvent":
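Review bot: Adding `escape` to `String.prototype` in the first hunk changes every string in the process, including those handled by dependencies, and the name is easily confused with the legacy global `escape()`; a module-local helper would keep the change contained to this file. The map covers only `&`, `<` and `>`, which is enough for element text but not for a quoted attribute value, so covering `"` and `'` as well makes the helper safe to reuse elsewhere in these templates. As rendered on this page the map's values equal its keys, which would make the replacement a no-op; that is presumably the page decoding the entities, but the committed values are worth confirming.

```javascript
const relativeDate = local("/app/modules/relative-date");

// Module-local HTML encoder: no prototype changes, and quotes are covered
// so the result is also safe inside a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;"
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, character => HTML_ESCAPES[character]);
}
```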
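Review bot: `event.payload.issue.title.escape()` throws a TypeError if `title` is ever absent or not a string, which would abort rendering of the event instead of degrading; the same call shape recurs in the four later hunks of `generateEvent` (two more issue titles and two pull-request titles). A function-style call that coerces its argument, for example `escapeHtml(event.payload.issue.title)`, avoids that. Only the titles are encoded in these hunks; the other values these templates interpolate are not visible here, so it is worth confirming that any payload-derived text or link target in the same markup is encoded or validated as well. `generateEvent` starts and ends outside the hunks.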