From 5e9ed0c8cb9ced0854286a9ad51e0ec763360a0a Mon Sep 17 00:00:00 2001
From: Pranav Kant
Date: Tue, 6 Jun 2017 18:21:24 +0530
Subject: [PATCH] Allow links in comments

Change-Id: I033ab7fe09ece8da10bc61fc2102cce80c1e24b0
---
 loleaflet/src/layer/marker/Annotation.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/loleaflet/src/layer/marker/Annotation.js b/loleaflet/src/layer/marker/Annotation.js
index 8b3e0653c..e60c43791 100644
--- a/loleaflet/src/layer/marker/Annotation.js
+++ b/loleaflet/src/layer/marker/Annotation.js
@@ -286,8 +286,14 @@ L.Annotation = L.Layer.extend({
 },
 
 _updateContent: function () {
- var linkedText = Autolinker.link(this._data.text);
- $(this._contentText).text(linkedText);
+ // .text() method will escape the string, does not interpret the string as HTML
+ $(this._contentText).text(this._data.text);
+ // Get the escaped HTML out and find for possible, useful links
+ var linkedText = Autolinker.link($(this._contentText).html());
+ // Set the property of text field directly. This is insecure otherwise because it doesn't escape the input
+ // But we have already escaped the input before and only thing we are adding on top of that is Autolinker
+ // generated text.
+ this._contentText.innerHTML = linkedText;
 // Original unlinked text
 this._contentText.origText = this._data.text;
 $(this._nodeModifyText).text(this._data.text);
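Review bot: The `this._contentText.innerHTML = linkedText;` assignment in `_updateContent` is safe only while Autolinker's output for the escaped string is itself safe markup, and the added comment does not record that dependency. Reading `.html()` back from a text node encodes `&`, `<` and `>` but leaves quote characters as they are, so the `href` value Autolinker builds around a matched URL is the one place where another user's comment text ends up inside an attribute. I would extend the comment with something like `// Safe only while Autolinker attribute-encodes the URLs it wraps; re-check when Autolinker is upgraded`. Alternatively, create the anchors through the DOM (set `href` and `textContent` on a new `a` element) so that no comment text passes through the HTML parser. The body of `_updateContent` continues past the end of this hunk, so any later writes to the same node are not visible here.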