Fix bug 74372.

BUG=74372
TEST=Manual test

Review URL: http://codereview.chromium.org/6602044

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@76432 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 3 deletions

diff --git a/webkit/blob/view_blob_internals_job.cc b/webkit/blob/view_blob_internals_job.cc
index eceb5cd..6ff830a 100644
--- a/webkit/blob/view_blob_internals_job.cc
+++ b/webkit/blob/view_blob_internals_job.cc
@@ -65,7 +65,7 @@ void EndHTML(std::string* out) {
 
 void AddHTMLBoldText(const std::string& text, std::string* out) {
   out->append("<b>");
-  out->append(text);
+  out->append(EscapeForHTML(text));
   out->append("</b>");
 }
 
@@ -81,19 +81,22 @@ void AddHTMLListItem(const std::string& element_title,
                      const std::string& element_data,
                      std::string* out) {
   out->append("<li>");
+  // No need to escape element_title since constant string is passed.
   out->append(element_title);
-  out->append(element_data);
+  out->append(EscapeForHTML(element_data));
   out->append("</li>");
 }
 
 void AddHTMLButton(const std::string& title,
                    const std::string& command,
                    std::string* out) {
+  // No need to escape title since constant string is passed.
+  std::string escaped_command = EscapeForHTML(command.c_str());
   base::StringAppendF(out,
                       "<input type=\"button\" value=\"%s\" "
                       "onclick=\"SubmitCommand('%s')\" />",
                       title.c_str(),
-                      command.c_str());
+                      escaped_command.c_str());
 }
 
 }  // namespace