author | Shawn O. Pearce <sop@google.com> | 2009-02-19 10:49:32 -0800 |
---|---|---|
committer | Shawn O. Pearce <sop@google.com> | 2009-02-19 10:49:32 -0800 |
commit | 31aec7352027670ce97007ac049a7c4415197818 (patch) | |
tree | 43929c53089cfc42a0e63b36a8e5323071e0cc4c | |
parent | 4b122b83b4ebe1050e734f0f1748cdbeb75c6a1a (diff) |
Escape single quotes when escaping text for HTML inclusion
Like double quote, it's safer to escape single quotes too, in case
they are being used to wrap an attribute value and the returned
string is being included inside of the attribute value.
Signed-off-by: Shawn O. Pearce <sop@google.com>
-rw-r--r-- | src/main/java/com/google/gerrit/client/ui/DomUtil.java | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/main/java/com/google/gerrit/client/ui/DomUtil.java b/src/main/java/com/google/gerrit/client/ui/DomUtil.java
index c8034e196e..56e147c250 100644
--- a/src/main/java/com/google/gerrit/client/ui/DomUtil.java
+++ b/src/main/java/com/google/gerrit/client/ui/DomUtil.java
@@ -64,7 +64,13 @@ public abstract class DomUtil {
 
   private static class ClientImpl extends Impl {
     @Override
-    native String escape(String src)/*-{ return src.replace(/&/g,'&').replace(/>/g,'>').replace(/</g,'<').replace(/"/g,'"'); }-*/;
+    native String escape(String src)
+    /*-{ return src.replace(/&/g,'&')
+    .replace(/>/g,'>')
+    .replace(/</g,'<')
+    .replace(/"/g,'"')
+    .replace(/'/g,''')
+    ; }-*/;
   }
 
   private static class JavaImpl extends Impl {
@@ -86,6 +92,9 @@ public abstract class DomUtil {
       case '"':
         r.append(""");
         break;
+      case '\'':
+        r.append("'");
+        break;
       default:
         r.append(c);
     }
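Review bot: The single-quote escape is added in two independent places — the JSNI regex chain in ClientImpl (first hunk) and the switch in JavaImpl (second hunk) — and nothing pins the two implementations to the same output, so the next character added to one can silently be missed in the other and the client and server would then escape differently. A comment on the abstract `Impl.escape` (outside these hunks) such as `// ClientImpl and JavaImpl must escape exactly the same characters: & > < " '`, plus a test that feeds a string containing all five through both implementations and compares the results, would make any drift visible. As rendered here the replacement strings show the bare characters (`'&'`, `'>'`, `'\''`); presumably the page unescaped the entity text, since a replacement of a character with itself would be a no-op — worth confirming the committed source uses numeric or named entities. Both the regex chain and the `case '\''` arm sit inside escape methods whose bodies start and end outside the hunks.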