-define(['DOM/Traverse'], function(DOMTraverse) {
+define(['StringUtil', 'DOM/Traverse'], function(StringUtil, DOMTraverse) {
"use strict";
var _converter = [];
var open = '[quote]';
if (author) {
+ author = StringUtil.escapeHTML(author).replace(/(\\)?'/g, function(match, isEscaped) { return isEscaped ? match : "\\'"; });
if (link) {
- open = "[quote='" + author + "','" + link + "']";
+ open = "[quote='" + author + "','" + StringUtil.escapeHTML(link) + "']";
}
else {
open = "[quote='" + author + "']";
var header = '';
if (author) {
if (link) header = '<a href="' + StringUtil.escapeHTML(link) + '" tabindex="-1">';
- header += Language.get('wcf.bbcode.quote.title.javascript', { quoteAuthor: author });
+ header += Language.get('wcf.bbcode.quote.title.javascript', { quoteAuthor: author.replace(/\\'/g, "'") });
if (link) header += '</a>';
}
else {