Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #107 from operasoftware/escape-control-characters

Fix DFL-3650 - need to escape control characters before parsing with innerHTML
  • Loading branch information...
commit 63f57d136266f76d55f6e6c8e4bf7dfe12600267 2 parents 6d79eed + 912139a
@hzr hzr authored
View
7 src/ecma-debugger/helpers.js
@@ -118,11 +118,18 @@ window.cls.Helpers = function()
var re_amp = /&/g;
var re_lt = /</g;
var re_cd_end = /]]>/g;
+ var re_control_characters = /[\u0000-\u0008\u000b\u000c\u000e-\u001f]/g;
return function(str)
{
return str ? str.replace(re_amp, "&amp;")
.replace(re_lt, "&lt;")
.replace(re_cd_end, "]]&gt;")
+ .replace(re_control_characters, function(c) {
+ // We can't set innerHTML with these characters in XML.
+ // Just replace them with blank, since they are very
+ // seldomly used.
+ return "";
+ })
: str;
}
})();
View
33 src/syntaxhighlight/js/tokenizer.js
@@ -356,7 +356,38 @@ cls.SimpleJSParser.prototype = new function()
{
'<': '&lt;',
'>': '&gt;',
- '&': '&amp;'
+ '&': '&amp;',
+ // The following control characters need to be escaped in XML.
+ // U+0000-U+001F excluding U+0009, U+000A and U+000D.
+ '\u0000': '<span style="content: \'\\0000\'">␀</span>',
+ '\u0001': '<span style="content: \'\\0001\'">␁</span>',
+ '\u0002': '<span style="content: \'\\0002\'">␂</span>',
+ '\u0003': '<span style="content: \'\\0003\'">␃</span>',
+ '\u0004': '<span style="content: \'\\0004\'">␄</span>',
+ '\u0005': '<span style="content: \'\\0005\'">␅</span>',
+ '\u0006': '<span style="content: \'\\0006\'">␆</span>',
+ '\u0007': '<span style="content: \'\\0007\'">␇</span>',
+ '\u0008': '<span style="content: \'\\0008\'">␈</span>',
+ '\u000b': '<span style="content: \'\\000b\'">␋</span>',
+ '\u000c': '<span style="content: \'\\000c\'">␌</span>',
+ '\u000e': '<span style="content: \'\\000e\'">␎</span>',
+ '\u000f': '<span style="content: \'\\000f\'">␏</span>',
+ '\u0010': '<span style="content: \'\\0010\'">␐</span>',
+ '\u0011': '<span style="content: \'\\0011\'">␑</span>',
+ '\u0012': '<span style="content: \'\\0012\'">␒</span>',
+ '\u0013': '<span style="content: \'\\0013\'">␓</span>',
+ '\u0014': '<span style="content: \'\\0014\'">␔</span>',
+ '\u0015': '<span style="content: \'\\0015\'">␕</span>',
+ '\u0016': '<span style="content: \'\\0016\'">␖</span>',
+ '\u0017': '<span style="content: \'\\0017\'">␗</span>',
+ '\u0018': '<span style="content: \'\\0018\'">␘</span>',
+ '\u0019': '<span style="content: \'\\0019\'">␙</span>',
+ '\u001a': '<span style="content: \'\\001a\'">␚</span>',
+ '\u001b': '<span style="content: \'\\001b\'">␛</span>',
+ '\u001c': '<span style="content: \'\\001c\'">␜</span>',
+ '\u001d': '<span style="content: \'\\001d\'">␝</span>',
+ '\u001e': '<span style="content: \'\\001e\'">␞</span>',
+ '\u001f': '<span style="content: \'\\001f\'">␟</span>'
}
var default_parser=function(c)
{
Please sign in to comment.
Something went wrong with that request. Please try again.