From c2a6510a709bce26a81e372a75daca17c0c7279e Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Mon, 29 Jun 2015 13:30:07 +0200
Subject: [PATCH] Properly handling single quotes in author name
---
 wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js | 5 +++--
 wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js b/wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js
index 8612a5d1a0..ed992aca32 100644
--- a/wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js
+++ b/wcfsetup/install/files/js/WoltLab/WCF/BBCode/FromHtml.js
@@ -1,4 +1,4 @@
-define(['DOM/Traverse'], function(DOMTraverse) {
+define(['StringUtil', 'DOM/Traverse'], function(StringUtil, DOMTraverse) {
 "use strict";
 var _converter = [];
@@ -99,8 +99,9 @@ define(['DOM/Traverse'], function(DOMTraverse) {
 var open = '[quote]';
 if (author) {
+ author = StringUtil.escapeHTML(author).replace(/(\\)?'/g, function(match, isEscaped) { return isEscaped ? match : "\\'"; });
 if (link) {
- open = "[quote='" + author + "','" + link + "']";
+ open = "[quote='" + author + "','" + StringUtil.escapeHTML(link) + "']";
 } else {
 open = "[quote='" + author + "']";
diff --git a/wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js b/wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js
index 86ac7ad04d..151927c128 100644
--- a/wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js
+++ b/wcfsetup/install/files/js/WoltLab/WCF/BBCode/ToHtml.js
@@ -174,7 +174,7 @@ define(['Language', 'StringUtil', 'WoltLab/WCF/BBCode/Parser'], function(Languag
 var header = '';
 if (author) {
 if (link) header = '';
- header += Language.get('wcf.bbcode.quote.title.javascript', { quoteAuthor: author });
+ header += Language.get('wcf.bbcode.quote.title.javascript', { quoteAuthor: author.replace(/\\'/g, "'") });
 if (link) header += '';
 } else {
--
2.20.1
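Review bot: In the `[quote='…','…']` line of FromHtml.js, `link` is only passed through `StringUtil.escapeHTML`, while `author` also has its single quotes backslash-escaped. A `'` inside the link would therefore still end the quoted attribute early if `escapeHTML` leaves that character alone, which the extra replace added for `author` suggests. Running both values through the same escaping keeps the two attributes consistent, for example a local helper (called `escapeAttribute` here) that wraps the existing `escapeHTML(...).replace(...)` call and is used as `open = "[quote='" + author + "','" + escapeAttribute(link) + "']";`. The regex also treats any backslash before a quote as an existing escape, so a name containing a literal backslash is emitted in a form the BBCode parser may read differently; that parser is not visible here. The enclosing converter function starts and ends outside the hunk.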
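Review bot: In ToHtml.js, `author` reaches `Language.get(...)` after only the `\'` unescape, and nothing in this hunk shows it being HTML-escaped before the header is assembled. FromHtml.js now escapes the name on its way into BBCode, but BBCode typed by hand does not take that path, so it is worth confirming that the `wcf.bbcode.quote.title.javascript` item escapes `quoteAuthor` or that `author` is escaped earlier in this function. If neither holds, `quoteAuthor: StringUtil.escapeHTML(author.replace(/\\'/g, "'"))` would close the gap, since `StringUtil` is already a dependency of this module. A short comment such as `// undo the \' escaping applied when the quote attribute was written` would also tie this line to its counterpart in FromHtml.js. The function starts and ends outside the hunk.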