Properly handling single quotes in author name
authorAlexander Ebert <ebert@woltlab.com>
Mon, 29 Jun 2015 11:30:07 +0000 (13:30 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Mon, 29 Jun 2015 11:30:07 +0000 (13:30 +0200)
wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js
wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js

index 8612a5d1a06e880ff20c90f3c339f6ab9837e790..ed992aca32a521dce6098b3108af7339d7aee567 100644 (file)
@@ -1,4 +1,4 @@
-define(['DOM/Traverse'], function(DOMTraverse) {
+define(['StringUtil', 'DOM/Traverse'], function(StringUtil, DOMTraverse) {
        "use strict";
        
        var _converter = [];
@@ -99,8 +99,9 @@ define(['DOM/Traverse'], function(DOMTraverse) {
                        
                        var open = '[quote]';
                        if (author) {
+                               author = StringUtil.escapeHTML(author).replace(/(\\)?'/g, function(match, isEscaped) { return isEscaped ? match : "\\'"; });
                                if (link) {
-                                       open = "[quote='" + author + "','" + link + "']";
+                                       open = "[quote='" + author + "','" + StringUtil.escapeHTML(link) + "']";
                                }
                                else {
                                        open = "[quote='" + author + "']";
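Review bot: In the `[quote='…','…']` branch, `link` only goes through `StringUtil.escapeHTML` and does not get the backslash-escaping of `'` that the new line applies to `author`. If `escapeHTML` leaves single quotes untouched (its body is not visible here), a `'` in the link would end the second attribute early. Running both values through one local helper (hypothetical name) would keep them consistent, e.g. `link = escapeQuoteAttribute(link);`, wrapping the `escapeHTML(...).replace(/(\\)?'/g, …)` expression already used for `author`. The regex also leaves a trailing backslash in `author` as is, which may consume the closing `'` depending on how the parser reads backslashes; a comment stating the escaping rule the parser expects would help. The enclosing function starts and ends outside this hunk.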
index 86ac7ad04d39179bb7cc77947915e90627aadd41..151927c128948d7c37a0c69c877718dc9e0783ab 100644 (file)
@@ -174,7 +174,7 @@ define(['Language', 'StringUtil', 'WoltLab/WCF/BBCode/Parser'], function(Languag
                        var header = '';
                        if (author) {
                                if (link) header = '<a href="' + StringUtil.escapeHTML(link) + '" tabindex="-1">';
-                               header += Language.get('wcf.bbcode.quote.title.javascript', { quoteAuthor: author });
+                               header += Language.get('wcf.bbcode.quote.title.javascript', { quoteAuthor: author.replace(/\\'/g, "'") });
                                if (link) header += '</a>';
                        }
                        else {
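Review bot: `author` is concatenated into the `header` markup through `Language.get(...)` with only the `\'` unescaping applied, while `link` on the line above is passed through `StringUtil.escapeHTML`. This is safe only if the parser hands over an already-encoded author or the `wcf.bbcode.quote.title.javascript` item encodes `quoteAuthor`, and neither is visible in this hunk. A quote tag typed directly as BBCode would not have passed through the `escapeHTML` call added in FromHtml.js, so that path should be confirmed. I would record the invariant next to the call, for example `// quoteAuthor must be HTML-encoded by the language item; author can originate from hand-written BBCode`. The enclosing function starts and ends outside this hunk.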