From 2f668e22a495259d53772c6cc055547cd26cd7f1 Mon Sep 17 00:00:00 2001
From: "ojan@google.com" <ojan@google.com@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed, 10 Sep 2008 22:00:02 +0000
Subject: Fix escaping of hrefs on A tags in the inspector. I will pursue
 making this change upstream as well, but as best I can tell, this function is
 dead code upstream and should just be deleted. Review URL:
 http://codereview.chromium.org/1880

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2023 0039d316-1c4b-4281-b951-d872f2087c98
---
 webkit/port/page/inspector/inspector.js |  5 +++--
 webkit/port/page/inspector/utilities.js | 12 ++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/webkit/port/page/inspector/inspector.js b/webkit/port/page/inspector/inspector.js
index a1e1805a..dfd9d07 100644
--- a/webkit/port/page/inspector/inspector.js
+++ b/webkit/port/page/inspector/inspector.js
@@ -809,11 +809,12 @@ WebInspector.showResourceForURL = function(url, line)
 
 WebInspector.linkifyURL = function(url, linkText, classes, isExternal)
 {
+    url = url.escapeHTML();
     if (linkText === undefined)
-        linkText = url.escapeHTML();
+        linkText = url;
     classes = (classes === undefined) ? "" : classes + " ";
     classes += isExternal ? "webkit-html-external-link" : "webkit-html-resource-link";
-    var link = "<a href=\"" + url + "\" class=\"" + classes + "\" title=\"" + url + "\" target=\"_blank\">" + linkText + "</a>";
+    var link = "<a href=\"" + url + "\" class=\"" + classes.escapeHTML() + "\" title=\"" + url + "\" target=\"_blank\">" + linkText + "</a>";
     return link;
 }
 
diff --git a/webkit/port/page/inspector/utilities.js b/webkit/port/page/inspector/utilities.js
index 5d295d4..9dcf71c 100644
--- a/webkit/port/page/inspector/utilities.js
+++ b/webkit/port/page/inspector/utilities.js
@@ -246,7 +246,7 @@ String.prototype.escapeForRegExp = function()
 
 String.prototype.escapeHTML = function()
 {
-    return this.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+    return this.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/\"/g, "&quot;").replace(/\'/g, "&#039;");
 }
 
 String.prototype.collapseWhitespace = function()
@@ -674,15 +674,15 @@ function nodeTitleInfo(hasChildren, linkify)
             break;
 
         case Node.DOCUMENT_TYPE_NODE:
-            info.title = "<span class=\"webkit-html-doctype\">&lt;!DOCTYPE " + this.nodeName;
+            info.title = "<span class=\"webkit-html-doctype\">&lt;!DOCTYPE " + this.nodeName.escapeHTML();
             if (this.publicId) {
-                info.title += " PUBLIC \"" + this.publicId + "\"";
+                info.title += " PUBLIC \"" + this.publicId.escapeHTML() + "\"";
                 if (this.systemId)
-                    info.title += " \"" + this.systemId + "\"";
+                    info.title += " \"" + this.systemId.escapeHTML() + "\"";
             } else if (this.systemId)
-                info.title += " SYSTEM \"" + this.systemId + "\"";
+                info.title += " SYSTEM \"" + this.systemId.escapeHTML() + "\"";
             if (this.internalSubset)
-                info.title += " [" + this.internalSubset + "]";
+                info.title += " [" + this.internalSubset.escapeHTML() + "]";
             info.title += "&gt;</span>";
             break;
         default:
-- 
cgit v1.1