Properly escape contents of links added to the inspector.
authortimothy@apple.com <timothy@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 12 Sep 2008 22:43:38 +0000 (22:43 +0000)
committertimothy@apple.com <timothy@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 12 Sep 2008 22:43:38 +0000 (22:43 +0000)
        For now, just build the link with the DOM and get the
        outerHTML. Eventually, we probably just want to do
        this entirely with the DOM.

        Reviewed by Timothy Hatcher.

        https://bugs.webkit.org/show_bug.cgi?id=20684

        * manual-tests/inspector/escape-links.html: Added.
        * page/inspector/StylesSidebarPane.js:
        * page/inspector/inspector.js:
        * page/inspector/utilities.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@36359 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog
WebCore/manual-tests/inspector/escape-links.html [new file with mode: 0644]
WebCore/page/inspector/StylesSidebarPane.js
WebCore/page/inspector/inspector.js
WebCore/page/inspector/utilities.js

index 240f783..0ee1ead 100644 (file)
@@ -1,3 +1,19 @@
+2008-09-12  Ojan Vafai  <ojan@chromium.org>
+
+        Properly escape contents of links added to the inspector.
+        For now, just build the link with the DOM and get the
+        outerHTML. Eventually, we probably just want to do
+        this entirely with the DOM.
+
+        Reviewed by Timothy Hatcher.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20684
+
+        * manual-tests/inspector/escape-links.html: Added.
+        * page/inspector/StylesSidebarPane.js:
+        * page/inspector/inspector.js:
+        * page/inspector/utilities.js:
+
 2008-09-12  Adele Peterson  <adele@apple.com>
 
         Reviewed by John Sullivan and Kevin McCullough.
diff --git a/WebCore/manual-tests/inspector/escape-links.html b/WebCore/manual-tests/inspector/escape-links.html
new file mode 100644 (file)
index 0000000..5c5f6c0
--- /dev/null
@@ -0,0 +1 @@
+<html> 
index 3cd3e33..714f401 100644 (file)
@@ -287,7 +287,7 @@ WebInspector.StylePropertiesSection = function(styleRule, subtitle, computedStyl
         if (!subtitle) {
             if (this.styleRule.parentStyleSheet && this.styleRule.parentStyleSheet.href) {
                 var url = this.styleRule.parentStyleSheet.href;
-                subtitle = WebInspector.linkifyURL(url, WebInspector.displayNameForURL(url).escapeHTML());
+                subtitle = WebInspector.linkifyURL(url, WebInspector.displayNameForURL(url));
                 this.subtitleElement.addStyleClass("file");
             } else if (isUserAgent)
                 subtitle = WebInspector.UIString("user agent stylesheet");
index 6173597..9e33eb3 100644 (file)
@@ -1087,12 +1087,9 @@ WebInspector.linkifyURLAsNode = function(url, linkText, classes, isExternal)
 
 WebInspector.linkifyURL = function(url, linkText, classes, isExternal)
 {
-    if (!linkText)
-        linkText = url.escapeHTML();
-    classes = (classes ? classes + " " : "");
-    classes += isExternal ? "webkit-html-external-link" : "webkit-html-resource-link";
-    var link = "<a href=\"" + url + "\" class=\"" + classes + "\" title=\"" + url + "\" target=\"_blank\">" + linkText + "</a>";
-    return link;
+    // Use the DOM version of this function so as to avoid needing to escape attributes.
+    // FIXME:  Get rid of linkifyURL entirely.
+    return WebInspector.linkifyURLAsNode(url, linkText, classes, isExternal).outerHTML;
 }
 
 WebInspector.addMainEventListeners = function(doc)
index da15b8b..31221f9 100644 (file)
@@ -784,15 +784,17 @@ function nodeTitleInfo(hasChildren, linkify)
             if (this.hasAttributes()) {
                 for (var i = 0; i < this.attributes.length; ++i) {
                     var attr = this.attributes[i];
-                    var value = attr.value.escapeHTML();
-                    value = value.replace(/([\/;:\)\]\}])/g, "$1&#8203;");
-
                     info.title += " <span class=\"webkit-html-attribute\"><span class=\"webkit-html-attribute-name\">" + attr.name.escapeHTML() + "</span>=&#8203;\"";
 
-                    if (linkify && (attr.name === "src" || attr.name === "href"))
+                    var value = attr.value;
+                    if (linkify && (attr.name === "src" || attr.name === "href")) {
+                        var value = value.replace(/([\/;:\)\]\}])/g, "$1\u200B");
                         info.title += linkify(attr.value, value, "webkit-html-attribute-value", this.nodeName.toLowerCase() == "a");
-                    else
+                    } else {
+                        var value = value.escapeHTML();
+                        value = value.replace(/([\/;:\)\]\}])/g, "$1&#8203;");
                         info.title += "<span class=\"webkit-html-attribute-value\">" + value + "</span>";
+                    }
                     info.title += "\"</span>";
                 }
             }