// we use it to avoid creating the toolbar where javascript is not enabled
function addButton(imageFile, speedTip, tagOpen, tagClose, sampleText) {
- speedTip=escapeQuotes(speedTip);
+ imageFile=escapeQuotesHTML(imageFile);
+ speedTip=escapeQuotesHTML(speedTip);
tagOpen=escapeQuotes(tagOpen);
tagClose=escapeQuotes(tagClose);
sampleText=escapeQuotes(sampleText);
document.write("<a href=\"javascript:insertTags");
document.write("('"+tagOpen+"','"+tagClose+"','"+sampleText+"');\">");
- document.write("<img width=\"23\" height=\"22\" src=\""+imageFile+"\" border=\"0\" alt=\""+speedTip+"\" title=\""+speedTip+"\""+mouseOver+">");
+ document.write("<img width=\"23\" height=\"22\" src=\""+imageFile+"\" border=\"0\" alt=\""+speedTip+"\" title=\""+speedTip+"\""+mouseOver+">");
document.write("</a>");
return;
}
function escapeQuotes(text) {
var re=new RegExp("'","g");
- text=text.replace(re,"'");
- re=new RegExp('"',"g");
- text=text.replace(re,'"');
+ text=text.replace(re,"\\'");
re=new RegExp("\\n","g");
text=text.replace(re,"\\n");
- return text;
+ return escapeQuotesHTML(text);
}
function escapeQuotesHTML(text) {
+ var re=new RegExp('&',"g");
+ text=text.replace(re,"&");
var re=new RegExp('"',"g");
text=text.replace(re,""");
+ var re=new RegExp('<',"g");
+ text=text.replace(re,"<");
+ var re=new RegExp('>',"g");
+ text=text.replace(re,">");
return text;
}
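Review bot: `escapeQuotes` never escapes a backslash, so input that already contains a backslash before a quote still ends the string literal that `addButton` writes into the `javascript:insertTags('…')` href. Add the backslash replacement as the first step of `escapeQuotes`, before the quote is handled: `text=text.replace(/\\/g,"\\\\");`, and treat `\r` the same way as `\n`. That href is also a URL context, so percent-encoded characters are decoded after these escapers have run; creating the `<a>` and `<img>` with DOM calls and attaching the handler in script would remove the stacked JS/HTML/URL escaping altogether. `mouseOver` is concatenated into the `<img>` tag unescaped and is not defined in the visible lines, so confirm it is a fixed string and not caller-supplied. The replacement literals in `escapeQuotesHTML` read as `"&"` and `"""` on this page, presumably because the rendering decoded the entity strings; verify them against the file.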