* Fix correct use of escaping in edit toolbar bits

author Brion Vibber <brion@users.mediawiki.org>

Mon, 4 Jul 2005 06:35:36 +0000 (06:35 +0000)

committer Brion Vibber <brion@users.mediawiki.org>

Mon, 4 Jul 2005 06:35:36 +0000 (06:35 +0000)
author Brion Vibber <brion@users.mediawiki.org>
Mon, 4 Jul 2005 06:35:36 +0000 (06:35 +0000)
committer Brion Vibber <brion@users.mediawiki.org>
Mon, 4 Jul 2005 06:35:36 +0000 (06:35 +0000)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES

index ef3f97c..27e2cae 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -463,6 +463,7 @@ of MediaWiki:Newpagetext) to &action=edit, if page is new.
  * (bug 2642) watchdetails message in several languages used  <a></a> instead of [ ]
  * (bug 2181) basic CSB language localisation by Tomasz G. Sienicki (thanks for the patch)
  * (bug 2632) also adjust height when zooming an image by giving only width
+* Fix correct use of escaping in edit toolbar bits
  
  
  === Caveats ===
diff --git a/skins/common/wikibits.js b/skins/common/wikibits.js

index 8726e64..c251c78 100644 (file)
--- a/skins/common/wikibits.js
+++ b/skins/common/wikibits.js
@@ -261,7 +261,8 @@ function toggleToc() {
  // we use it to avoid creating the toolbar where javascript is not enabled
  function addButton(imageFile, speedTip, tagOpen, tagClose, sampleText) {
  
-       speedTip=escapeQuotes(speedTip);
+       imageFile=escapeQuotesHTML(imageFile);
+       speedTip=escapeQuotesHTML(speedTip);
         tagOpen=escapeQuotes(tagOpen);
         tagClose=escapeQuotes(tagClose);
         sampleText=escapeQuotes(sampleText);
@@ -280,7 +281,7 @@ function addButton(imageFile, speedTip, tagOpen, tagClose, sampleText) {
         document.write("<a href=\"javascript:insertTags");
         document.write("('"+tagOpen+"','"+tagClose+"','"+sampleText+"');\">");
  
-        document.write("<img width=\"23\" height=\"22\" src=\""+imageFile+"\" border=\"0\" alt=\""+speedTip+"\" title=\""+speedTip+"\""+mouseOver+">");
+       document.write("<img width=\"23\" height=\"22\" src=\""+imageFile+"\" border=\"0\" alt=\""+speedTip+"\" title=\""+speedTip+"\""+mouseOver+">");
         document.write("</a>");
         return;
  }
@@ -306,17 +307,21 @@ function addInfobox(infoText,text_alert) {
  
  function escapeQuotes(text) {
         var re=new RegExp("'","g");
-       text=text.replace(re,"&#39;");
-       re=new RegExp('"',"g");
-       text=text.replace(re,'&quot;');
+       text=text.replace(re,"\\'");
         re=new RegExp("\\n","g");
         text=text.replace(re,"\\n");
-       return text;
+       return escapeQuotesHTML(text);
  }
  
  function escapeQuotesHTML(text) {
+       var re=new RegExp('&',"g");
+       text=text.replace(re,"&amp;");
         var re=new RegExp('"',"g");
         text=text.replace(re,"&quot;");
+       var re=new RegExp('<',"g");
+       text=text.replace(re,"&lt;");
+       var re=new RegExp('>',"g");
+       text=text.replace(re,"&gt;");
         return text;
  }
author	Brion Vibber <brion@users.mediawiki.org>
	Mon, 4 Jul 2005 06:35:36 +0000 (06:35 +0000)
committer	Brion Vibber <brion@users.mediawiki.org>
	Mon, 4 Jul 2005 06:35:36 +0000 (06:35 +0000)
RELEASE-NOTES		patch \| blob \| history
skins/common/wikibits.js		patch \| blob \| history