Laura/Medina: Escape & character in the restricted fields

thenano · Sep 29, 2016 · 62d90d7 · 62d90d7
1 parent d2d8e83
commit 62d90d7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/spec/util/inputSanitizer-spec.js b/spec/util/inputSanitizer-spec.js
@@ -10,7 +10,7 @@ describe('InputSanitizer', function(){
             Name: "Hello <script>alert('dangerous');</script>there <h1>blip</h1>",
             description: description,
             cycle: '<a href="/asd">Adopt</a>',
-            quadrant: '<strong>techniques</strong>',
+            quadrant: '<strong>techniques & tools</strong>',
             isNew: 'true<br>'
         };
 
@@ -34,6 +34,6 @@ describe('InputSanitizer', function(){
     });
 
     it('strips out all tags from blip quadrant', function(){
-        expect(blip.quadrant).toEqual("techniques");
+        expect(blip.quadrant).toEqual("techniques & tools");
     });
 });
diff --git a/src/util/inputSanitizer.js b/src/util/inputSanitizer.js
@@ -11,7 +11,10 @@ const InputSanitizer = function () {
 
     var restrictedOptions = {
         allowedTags: [],
-        allowedAttributes: {}
+        allowedAttributes: {},
+        textFilter: function(text) {
+              return text.replace(/&amp;/, '&');
+            }
     };
 
     var self = {};