Fix for DFL-3303: escape_input() doesn't escape enough characters.

David Håsäther · David Håsäther · commit e776156084b9 · 2012-07-03T14:32:20.000+02:00
diff --git a/src/ecma-debugger/dominspection/attrandtextditor.js b/src/ecma-debugger/dominspection/attrandtextditor.js
@@ -7,7 +7,7 @@ var DOMAttrAndTextEditor = function(nav_filters)
 {
   var crlf_encode = function(str)
   {
-    return helpers.escape_input(str).replace(/\r\n/g, "\\n");
+    return helpers.escape_input(str.replace(/\r\n/g, "\n"));
   }
 
   this._onmonospacefontchange = function(msg)
diff --git a/src/ecma-debugger/dominspection/markupeditor.js b/src/ecma-debugger/dominspection/markupeditor.js
@@ -207,7 +207,7 @@ var DOMMarkupEditor = function()
 
   var encode = function(str)
   {
-    return helpers.escape_input(str).replace(/\r\n/g, "\\n");
+    return helpers.escape_input(str.replace(/\r\n/g, "\n"));
   };
 
   // class on the host side to update the given DOM range
diff --git a/src/ecma-debugger/helpers.js b/src/ecma-debugger/helpers.js
@@ -139,14 +139,23 @@ window.cls.Helpers = function()
    */
   this.escape_input = (function()
   {
-    var re_escape_char = /\\/g;
-    var re_quot_mark = /"/g;
+    var regexps = [
+      [/\\/g, "\\\\"],
+      [/"/g, "\\\""],
+      [/'/g, "\\'"],
+      [/\n/g, "\\n"],
+      [/\r/g, "\\r"],
+      [/\u2028/g, "\\u2028"],
+      [/\u2029/g, "\\u2029"]
+    ];
 
     return function escape_input(str)
     {
-      // Need to double escape since this is a string inside a string
-      return str.replace(re_escape_char, "\\\\")
-                .replace(re_quot_mark, "\\\"");
+      for (var i = 0, re; re = regexps[i]; i++)
+      {
+        str = str.replace(re[0], re[1]);
+      }
+      return str;
     }
   })();
 
diff --git a/src/style/newstyle.js b/src/style/newstyle.js
@@ -45,7 +45,7 @@ cls.NewStyle = function(id, name, container_class)
     {
       rt_style.css_text = this._textarea.value;
       var script = "try{style.textContent = \"" +
-                     window.helpers.escape_input(rt_style.css_text).replace(/\r?\n/g, "") +
+                     window.helpers.escape_input(rt_style.css_text.replace(/\r\n/g, "\n")) +
                    "\";}catch(e){};";
       var tag = this._tag_manager.set_callback(this, window.element_style.update);
       this._es_debugger.requestEval(tag,

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ var DOMAttrAndTextEditor = function(nav_filters)`
`7`	`7`	`{`
`8`	`8`	`var crlf_encode = function(str)`
`9`	`9`	`{`
`10`		`- return helpers.escape_input(str).replace(/\r\n/g, "\\n");`
	`10`	`+ return helpers.escape_input(str.replace(/\r\n/g, "\n"));`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`this._onmonospacefontchange = function(msg)`
Original file line number	Diff line number	Diff line change
`@@ -207,7 +207,7 @@ var DOMMarkupEditor = function()`
`207`	`207`
`208`	`208`	`var encode = function(str)`
`209`	`209`	`{`
`210`		`- return helpers.escape_input(str).replace(/\r\n/g, "\\n");`
	`210`	`+ return helpers.escape_input(str.replace(/\r\n/g, "\n"));`
`211`	`211`	`};`
`212`	`212`
`213`	`213`	`// class on the host side to update the given DOM range`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ cls.NewStyle = function(id, name, container_class)`
`45`	`45`	`{`
`46`	`46`	`rt_style.css_text = this._textarea.value;`
`47`	`47`	`var script = "try{style.textContent = \"" +`
`48`		`- window.helpers.escape_input(rt_style.css_text).replace(/\r?\n/g, "") +`
	`48`	`+ window.helpers.escape_input(rt_style.css_text.replace(/\r\n/g, "\n")) +`
`49`	`49`	`"\";}catch(e){};";`
`50`	`50`	`var tag = this._tag_manager.set_callback(this, window.element_style.update);`
`51`	`51`	`this._es_debugger.requestEval(tag,`