diff --git a/content/bookmarks.js b/content/bookmarks.js
index 0ae4681e..f46ea347 100644
--- a/content/bookmarks.js
+++ b/content/bookmarks.js
@@ -262,11 +262,11 @@ function Bookmarks() //{{{
"
| title | keyword | URL | tags |
";
for (var i = 0; i < items.length; i++)
{
- var title = items[i][1].replace(/, "<").replace(/>/, ">");
+ var title = vimperator.util.escapeHTML(items[i][1]);
if (title.length > 50)
title = title.substr(0, 47) + "...";
var keyword = "".substr(0,12); // maximum 12 chars
- var url = items[i][0].replace(/, "<").replace(/>/, ">");
+ var url = vimperator.util.escapeHTML(items[i][0]);
var tags = "tag1, tag2";
list += "| " + title + " | " + keyword +
" | " + url +
@@ -493,10 +493,10 @@ function History() //{{{
"| title | URL | ";
for (var i = 0; i < items.length; i++)
{
- var title = items[i][1].replace(/, "<").replace(/>/, ">");
+ var title = vimperator.util.escapeHTML(items[i][1]);
if (title.length > 50)
title = title.substr(0, 47) + "...";
- var url = items[i][0].replace(/, "<").replace(/>/, ">");
+ var url = vimperator.util.escapeHTML(items[i][0]);
list += "| " + title + " | " + url + " | ";
}
list += " ";
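Review bot: The 50-character truncation in this loop runs on the already-escaped title, so `title.substr(0, 47)` can cut an entity such as `&amp;` in half, and the length test counts entity characters rather than visible ones. Truncating the raw string first and escaping afterwards avoids both: `var title = items[i][1];`, then `if (title.length > 50) title = title.substr(0, 47) + "...";`, then `title = vimperator.util.escapeHTML(title);`. The Bookmarks() hunk above uses the same escape-then-truncate order for `title`. Because `<` and `>` are already encoded, a cut entity is a display glitch rather than an injection, but it now also affects titles containing `&`.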
@@ -753,7 +753,7 @@ function Marks() //{{{
+ " | " + marks[i][0] + " | "
+ "" + Math.round(marks[i][1].position.y * 100) + "% | "
+ "" + Math.round(marks[i][1].position.x * 100) + "% | "
- + "" + marks[i][1].location.replace(/, "<").replace(/>/, ">") + " | "
+ + "" + vimperator.util.escapeHTML(marks[i][1].location) + " | "
+ "
";
}
list += "
";
@@ -846,7 +846,7 @@ function QuickMarks() //{{{
for (var i = 0; i < marks.length; i++)
{
list += "| " + marks[i][0] +
- " | " + marks[i][1].replace(/, "<").replace(/>/, ">") + " |
";
+ "" + vimperator.util.escapeHTML(marks[i][1]) + " | ";
}
list += "";
diff --git a/content/buffers.js b/content/buffers.js
index f741eb33..577e9c71 100644
--- a/content/buffers.js
+++ b/content/buffers.js
@@ -244,8 +244,8 @@ function Buffer() //{{{
[number, title] = items[i][0].split(/:\s+/, 2);
url = items[i][1];
- url = url.replace(/>/, ">").replace(/, "<");
- title = title.replace(/>/, ">").replace(/, "<");
+ url = vimperator.util.escapeHTML(url);
+ title = vimperator.util.escapeHTML(title);
list += "| " + number + " | " + indicator +
" | " + title +
diff --git a/content/commands.js b/content/commands.js
index 0fad46d4..7e5694e2 100644
--- a/content/commands.js
+++ b/content/commands.js
@@ -503,7 +503,7 @@ function Commands() //{{{
if (typeof arg === "object")
arg = vimperator.objectToString(arg, color);
else if (typeof arg === "function")
- arg = arg.toString().replace(//, ">");
+ arg = vimperator.util.escapeHTML(arg.toString());
else if (typeof arg === "number" || typeof arg === "boolean")
arg = "" + arg;
else if (typeof arg === "undefined")
diff --git a/content/help.js b/content/help.js
index 89b0e16e..6b913869 100644
--- a/content/help.js
+++ b/content/help.js
@@ -59,9 +59,7 @@ vimperator.help = function(section, easter) //{{{
// keep
//usage = usage.replace(/<([^b][^r].*>)/g, "<$1");
//usage = usage.replace(/[^b][^r][^\/]>/g, ">");
- usage = usage.replace(/&/g, "&");
- usage = usage.replace(//g, ">");
+ usage = vimperator.util.escapeHTML(usage);
usage = usage.replace(/\\n/g, " ");
// color [count], [!], {arg} and [arg] in the usage, not nice and error prone but the regexp work (for now)
usage = usage.replace(/({[^}]+})/g, "$1"); // required args
@@ -98,11 +96,7 @@ vimperator.help = function(section, easter) //{{{
for (var j=0; j < names.length; j++)
{
var cmd_name = names[j];
- cmd_name = cmd_name.replace(//g, ">");
- // cmd_name = cmd_name.replace(/"/g, """);
- // cmd_name = cmd_name.replace(/'/g, "'");
- // cmd_name = cmd_name.replace(/&/g, "&");
+ cmd_name = vimperator.util.escapeHTML(cmd_name);
ret += '' + beg + cmd_name + end + ' ';
}
ret += ' |
';
diff --git a/content/mappings.js b/content/mappings.js
index fd4d0742..58297091 100644
--- a/content/mappings.js
+++ b/content/mappings.js
@@ -287,9 +287,9 @@ function Mappings() //{{{
for (var j = 0; j < maps[i].names.length; j++)
{
list += "";
- list += "| " + maps[i].names[j].replace(//g, ">") + " | "
+ list += " " + vimperator.util.escapeHTML(maps[i].names[j]) + " | "
if (maps[i].rhs)
- list += " " + maps[i].rhs.replace(//g, ">") + " | "
+ list += " " + vimperator.util.escapeHTML(maps[i].rhs) + " | "
list += "
";
}
}
diff --git a/content/util.js b/content/util.js
new file mode 100644
index 00000000..b6572d04
--- /dev/null
+++ b/content/util.js
@@ -0,0 +1,38 @@
+/***** BEGIN LICENSE BLOCK ***** {{{
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version
+1.1 (the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+(c) 2006-2007: Martin Stubenschrott
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+}}} ***** END LICENSE BLOCK *****/
+
+vimperator.util = {
+ escapeHTML: function(str)
+ {
+ var e = window.content.document.createElement("div");
+ e.appendChild(window.content.document.createTextNode(str));
+ return e.innerHTML;
+ }
+}
+
+// vim: set fdm=marker sw=4 ts=4 et:
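Review bot: `escapeHTML` serialises a text node through `innerHTML`, which encodes `&`, `<` and `>` but leaves `"` and `'` untouched, so its result is safe only as element content and not inside a quoted attribute value; a comment above the function should state that limit. It also creates the node on `window.content.document`, which ties a chrome-side helper to whatever page is currently loaded. If that document is absent or is not an HTML document, the call may throw or serialise differently (worth confirming against the supported browser versions). A plain string version avoids both dependencies: `return String(str).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");`.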
diff --git a/content/vimperator.js b/content/vimperator.js
index 8201df56..8f4bc0c0 100644
--- a/content/vimperator.js
+++ b/content/vimperator.js
@@ -406,7 +406,7 @@ const vimperator = (function() //{{{
{
var str = value.toString();
if (typeof str == "string") // can be "undefined"
- value = str.replace(//g, ">");
+ value = vimperator.util.escapeHTML(str);
}
}
diff --git a/content/vimperator.xul b/content/vimperator.xul
index a086a507..b359b9c4 100644
--- a/content/vimperator.xul
+++ b/content/vimperator.xul
@@ -53,6 +53,7 @@ the terms of any one of the MPL, the GPL or the LGPL.
+