Upstream improvements (#26)

* Fixes event triggering from within angular

* Fix the gulpfile watchers

* Add support for escaping highlight html

Author: JacobMarshallPP

dist/mention.js

@@ -81,6 +81,16 @@ angular.module('ui.mention').controller('uiMention', ["$element", "$scope", "$at
     };
   };
 
+  var temp = document.createElement('span');
+  function parseContentAsText(content) {
+    try {
+      temp.textContent = content;
+      return temp.innerHTML;
+    } finally {
+      temp.textContent = null;
+    }
+  }
+
   /**
    * $mention.render()
    *
@@ -93,6 +103,8 @@ angular.module('ui.mention').controller('uiMention', ["$element", "$scope", "$at
     var html = arguments.length <= 0 || arguments[0] === undefined ? ngModel.$modelValue : arguments[0];
 
     html = (html || '').toString();
+    // Convert input to text, to prevent script injection/rich text
+    html = parseContentAsText(html);
     _this2.mentions.forEach(function (mention) {
       html = html.replace(_this2.encode(mention), _this2.highlight(mention));
     });
@@ -284,7 +296,9 @@ angular.module('ui.mention').controller('uiMention', ["$element", "$scope", "$at
       _this2.cancel();
     }
 
-    $scope.$apply();
+    if (!$scope.$$phase) {
+      $scope.$apply();
+    }
   });
 
   $element.on('keydown', function (event) {
@@ -311,7 +325,9 @@ angular.module('ui.mention').controller('uiMention', ["$element", "$scope", "$at
     _this2.moved = true;
     event.preventDefault();
 
-    $scope.$apply();
+    if (!$scope.$$phase) {
+      $scope.$apply();
+    }
   });
 
   this.onMouseup = (function (event) {

dist/mention.min.js

@@ -32,13 +32,13 @@ gulp.task('default', ['scripts']);
 gulp.task('example', ['scripts:example', 'styles:example']);
 
 gulp.task('watch', function(){
-  gulp.watch(paths.scripts.src, 'scripts');
-  gulp.watch(paths.styles.src, 'styles');
+  gulp.watch(paths.scripts.src, ['scripts']);
+  gulp.watch(paths.styles.src, ['styles']);
 });
 
 gulp.task('watch:example', function(){
-  gulp.watch(paths.example.scripts.src, 'scripts:example');
-  gulp.watch(paths.example.styles.src, 'styles:example');
+  gulp.watch(paths.example.scripts.src, ['scripts:example']);
+  gulp.watch(paths.example.styles.src, ['styles:example']);
 });
 
 gulp.task('scripts', scripts(paths.scripts));

gulpfile.js

@@ -59,6 +59,16 @@ angular.module('ui.mention')
     };
   };
 
+  var temp = document.createElement('span');
+  function parseContentAsText(content) {
+    try {
+      temp.textContent = content;
+      return temp.innerHTML;
+    } finally {
+      temp.textContent = null;
+    }
+  }
+
   /**
    * $mention.render()
    *
@@ -69,6 +79,8 @@ angular.module('ui.mention')
    */
   this.render = (html = ngModel.$modelValue) => {
     html = (html || '').toString();
+    // Convert input to text, to prevent script injection/rich text
+    html = parseContentAsText(html);
     this.mentions.forEach( mention => {
       html = html.replace(this.encode(mention), this.highlight(mention));
     });
@@ -257,7 +269,9 @@ angular.module('ui.mention')
       this.cancel();
     }
 
-    $scope.$apply();
+    if (!$scope.$$phase) {
+      $scope.$apply();
+    }
   });
 
   $element.on('keydown', event => {
@@ -282,7 +296,9 @@ angular.module('ui.mention')
     this.moved = true;
     event.preventDefault();
 
-    $scope.$apply();
+    if (!$scope.$$phase) {
+      $scope.$apply();
+    }
   });