lib/tree_html.rb in tree_html-0.1.8 vs lib/tree_html.rb in tree_html-0.1.9

@@ -1,6 +1,7 @@
 require "tree_html/version"
+require "cgi"
 
 module TreeHtml
 
   NO_DATA_IN_A = {}.freeze
   NO_CHECKBOX = "<label class='placeholder'></label>".freeze
@@ -9,10 +10,14 @@
   Css = File.read File.expand_path('../tree_html/tree_html.css', __FILE__)
   Js = Dir.glob("#{File.expand_path(__dir__)}/tree_html/*.js").map{|f| File.read f }.join(';')
 
   class ::Object
     def li_for_tree_html
-      "<li>#{NO_CHECKBOX}<a>#{to_s}</a></li>"
+      "<li>#{NO_CHECKBOX}<a>#{label_for_tree_html}</a></li>"
+    end
+
+    def label_for_tree_html
+      CGI::escapeHTML(to_s)
     end
   end
 
   def tree_html
     "<ul class='tree-html'>#{li_for_tree_html}</ul>"