Fix DFL-3513: CDATA section breaks DOM and Scripts.

Author: hzr

src/ecma-debugger/helpers.js

@@ -115,22 +115,28 @@ window.cls.Helpers = function()
 
   this.escapeTextHtml = (function()
   {
-    var re_amp = /&/g, re_lt = /</g;
+    var re_amp = /&/g;
+    var re_lt = /</g;
+    var re_cd_end = /]]>/g;
     return function(str)
     {
-      return str ? str.replace(re_amp, "&amp;").replace(re_lt, "&lt;") : str;
+      return str ? str.replace(re_amp, "&amp;")
+                      .replace(re_lt, "&lt;")
+                      .replace(re_cd_end, "]]&gt;")
+                 : str;
     }
   })();
 
   this.escapeAttributeHtml = (function()
   {
-    var re_amp = /&/g, re_lt = /</g, re_quot = /"/g, re_s_quot = /'/g;
+    var re_quot = /"/g;
+    var re_apos = /'/g;
     return function(str)
     {
-      return str.replace(re_amp, "&amp;")
-                .replace(re_lt, "&lt;")
-                .replace(re_quot, "&quot;")
-                .replace(re_s_quot, "&#x27;");
+      return str ? this.escapeTextHtml(str)
+                       .replace(re_quot, "&quot;")
+                       .replace(re_apos, "&#x27;")
+                 : str;
     }
   })();
 

src/syntaxhighlight/js/tokenizer.js

@@ -57,7 +57,7 @@ cls.SimpleJSParser.prototype = new function()
     * @param {String} script_source The script string.
     * @param {Function} ontoken. Signature of the callback is (token_type, token).
     * @param {String} escape. Optional. Currently supports only "html"
-    * to escape "<" and "&" to "&lt;" and "&amp;".
+    * to escape "<", ">" and "&" to "&lt;", "&gt;" (for ]]>) and "&amp;".
     */
   this.tokenize = function(script_source, ontoken, escape, start_state){};
 
@@ -355,6 +355,7 @@ cls.SimpleJSParser.prototype = new function()
   var ESCAPE =
   {
     '<': '&lt;',
+    '>': '&gt;',
     '&': '&amp;'
   }
   var default_parser=function(c)