diff --git a/js/Util.js b/js/Util.js
index c3f2a3b..17923b4 100644
--- a/js/Util.js
+++ b/js/Util.js
@@ -97,5 +97,14 @@ BR.Util = {
}
return true;
+ },
+
+ // this method must only be used to sanitize for textContent.
+ // do NOT use it to sanitize any attribute,
+ // see https://web.archive.org/web/20121208091505/http://benv.ca/2012/10/4/you-are-probably-misusing-DOM-text-methods/
+ sanitizeHTMLContent: function(str) {
+ var temp = document.createElement('div');
+ temp.textContent = str;
+ return temp.innerHTML;
}
};
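Review bot: The comment above `sanitizeHTMLContent` says it sanitizes "for textContent", but the function returns an HTML-escaped string for concatenation into markup that is rendered as element content, and that wording invites misuse now that the helper is shared on `BR.Util`. Serialising a text node through `innerHTML` escapes `&`, `<` and `>` but leaves `"` and `'` untouched, which is why the result is unsafe inside an attribute value. I would state both facts, e.g. `// Escapes &, < and > so str can be inserted as HTML element content (innerHTML).` followed by `// Quotes are NOT escaped: never use the result inside an attribute value.` The returned string differs from the input whenever those characters occur, so callers that also use the value as an identifier (possibly the `addOverlay` call in js/plugin/RouteLoaderConverter.js, which passes it as the overlay name) should keep the raw value for lookups and comparisons. The `BR.Util` object literal starts outside this hunk.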
diff --git a/js/plugin/POIMarkers.js b/js/plugin/POIMarkers.js
index 5d82f06..c47990d 100644
--- a/js/plugin/POIMarkers.js
+++ b/js/plugin/POIMarkers.js
@@ -87,21 +87,12 @@ BR.PoiMarkers = L.Control.extend({
},
addMarker: function(latlng, name) {
- // this method must only be used to sanitize for textContent.
- // do NOT use it to sanitize any attribute,
- // see https://web.archive.org/web/20121208091505/http://benv.ca/2012/10/4/you-are-probably-misusing-DOM-text-methods/
- var sanitizeHTMLContent = function(str) {
- var temp = document.createElement('div');
- temp.textContent = str;
- return temp.innerHTML;
- };
-
var icon = L.VectorMarkers.icon({
icon: 'star',
markerColor: BR.conf.markerColors.poi
});
- var content = sanitizeHTMLContent(name) + '
';
+ var content = BR.Util.sanitizeHTMLContent(name) + '
';
content += "";
var self = this;
diff --git a/js/plugin/RouteLoaderConverter.js b/js/plugin/RouteLoaderConverter.js
index 05de571..bf9b5ca 100644
--- a/js/plugin/RouteLoaderConverter.js
+++ b/js/plugin/RouteLoaderConverter.js
@@ -284,7 +284,7 @@ BR.routeLoader = function(map, layersControl, routing, pois) {
addTrackOverlay: function(geoJSON) {
this._trackLayer = L.geoJSON(geoJSON, BR.Track.getGeoJsonOptions(layersControl)).addTo(map);
- layersControl.addOverlay(this._trackLayer, this._layerName);
+ layersControl.addOverlay(this._trackLayer, BR.Util.sanitizeHTMLContent(this._layerName));
this._bounds = this._trackLayer.getBounds();