@lexander
Created April 16, 2012 14:32
.noDescription click handler fix
$('.noDescription').live('click', function() {
    var form = $('<div class="Form" id="editDescription"></div>');
    var textarea = $('<textarea></textarea>');
    var charCount = $('<div class="CharacterCount"></div>');
    var button = $('<a class="Button11 Button RedButton editDescription" href="#"><strong>Save Description</strong><span></span></a>');

    trackGAEvent('about_field', 'expanded', 'profile');
    form.append(textarea).append(button).append(charCount);
    $('.noDescription').replaceWith(form);
    collapseEditWebsite();
    collapseEditLocation();

    // Character count
    CharacterCount.truncateData("#editDescription textarea", 200);
    CharacterCount.setup('#editDescription textarea', '#editDescription .CharacterCount', '#editDescription .Button', 200);
    textarea.focus();

    button.click(function() {
        if (!button.hasClass('disabled')) {
            var about = $('#editDescription textarea').val();
            trackGAEvent('about_field', 'clicked', 'profile');
            $.post('/settings/about/',
                { about : about },
                function(data) {
                    if (data.status == 'ok') {
                        trackGAEvent('about_field', 'success', 'profile');
                        // create a 'p' tag & use text() to html-encode the
                        // string before redisplaying it to the user
                        $('#editDescription').replaceWith($("<p class='colormuted' />").text(about));
                        // live version of the code below
                        //$('#editDescription').replaceWith('<p class="colormuted">' + about + '</p>');
                    }
                }
            );
        }
    });
});
@lexander

Small change to Pinterest's click handler for a user's description that properly encodes input to prevent malicious injections.
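
The difference between the commented-out concatenation and the `.text()` call in the gist, as an added example that is not part of the gist or of Pinterest's code. It runs under Node without jQuery or a DOM, so `encodeText` and the other function names are hypothetical stand-ins, and the sample descriptions are constructed.

```javascript
// Added example, not from the gist. Function names are hypothetical.
// Node has no DOM, so the encoding that .text() gets from the browser is
// written out by hand (it also encodes quotes, harmless in element content).
const ENC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DEC = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
const OPEN = '<p class="colormuted">';
const CLOSE = '</p>';

function encodeText(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENC[c]);
}

// Single pass, so "&amp;lt;" decodes to "&lt;" and not to "<".
function decodeText(s) {
  return s.replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => DEC[name]);
}

// The commented-out line in the gist: input becomes part of the markup.
function renderConcat(about) {
  return OPEN + about + CLOSE;
}

// The gist's fix, $("<p class='colormuted' />").text(about), in string form.
function renderEncoded(about) {
  return OPEN + encodeText(about) + CLOSE;
}

// Tags found between the wrapper's own <p> and </p>; any entry here is
// markup that came from the user's input.
function injectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.slice(1, -1).map((t) => t.replace(/^<\/?/, '').toLowerCase());
}

// What the reader sees once the browser decodes the paragraph's content.
function visibleText(html) {
  return decodeText(html.slice(OPEN.length, html.length - CLOSE.length));
}

// Constructed sample descriptions.
const samples = [
  'Tom & Jerry <3',
  'I typed &lt;b&gt; literally',
  'Hi </p><img src=x onerror="alert(1)">',
];
for (const about of samples) {
  console.log(JSON.stringify(about),
    'concat:', injectedTags(renderConcat(about)),
    'encoded:', injectedTags(renderEncoded(about)));
}
```

With the encoded rendering, no sample introduces a tag and each description displays exactly as typed; with concatenation, the third sample closes the paragraph early and adds an element of its own.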