From: Alexander Ebert Date: Mon, 29 Jun 2015 11:30:07 +0000 (+0200) Subject: Properly handling single quotes in author name X-Git-Tag: 3.0.0_Beta_1~2229 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c2a6510a709bce26a81e372a75daca17c0c7279e;p=GitHub%2FWoltLab%2FWCF.git Properly handling single quotes in author name --- diff --git a/wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js b/wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js index 8612a5d1a0..ed992aca32 100644 --- a/wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js +++ b/wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js @@ -1,4 +1,4 @@ -define(['DOM/Traverse'], function(DOMTraverse) { +define(['StringUtil', 'DOM/Traverse'], function(StringUtil, DOMTraverse) { "use strict"; var _converter = []; @@ -99,8 +99,9 @@ define(['DOM/Traverse'], function(DOMTraverse) { var open = '[quote]'; if (author) { + author = StringUtil.escapeHTML(author).replace(/(\\)?'/g, function(match, isEscaped) { return isEscaped ? match : "\\'"; }); if (link) { - open = "[quote='" + author + "','" + link + "']"; + open = "[quote='" + author + "','" + StringUtil.escapeHTML(link) + "']"; } else { open = "[quote='" + author + "']"; diff --git a/wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js b/wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js index 86ac7ad04d..151927c128 100644 --- a/wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js +++ b/wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js @@ -174,7 +174,7 @@ define(['Language', 'StringUtil', 'WoltLab/WCF/BBCode/Parser'], function(Languag var header = ''; if (author) { if (link) header = ''; - header += Language.get('wcf.bbcode.quote.title.javascript', { quoteAuthor: author }); + header += Language.get('wcf.bbcode.quote.title.javascript', { quoteAuthor: author.replace(/\\'/g, "'") }); if (link) header += ''; } else {