</script> isn't escaped in network graph
Created by: davispuh
in Project Network Graph, commit messages are in javascript
but there's interesting special case for escaping </script>
for example if I've such commit message: fixed missing </script>
it will break graph totally
it's because text inside <script> (in HTML) are parsed in specific way and </script> is ending script block and making all next parsed as HTML
(look at "message":"fixed missing </script>")
<script>
//<![CDATA[
var chunk1={commits:[{"parents":[["756400df57485ee8df5418628adb404b236fb000",0,0]],"author":"D\u0101vis","time":8,"space":1,"refs":"master","id":"e4dbf8bfc539d46ff33b24f6241cc805608705a6","date":"2012-09-19T16:07:58+00:00","message":"fixed missing </script>","login":"davispuh@local"}]};
var days=[[19,"Sep"]];
initGraph();
$(function(){
branchGraph($("#holder")[0]);
initGraphNav();
});
//]]>
</script>interesting is that if page would be served as XHTML (XHTML5) this would perfectly work because CDATA wouldn't be parsed at all..
this can be fixed if we escape </script> with <\/script> or even / with \/