Escape Page name

Use escape_javascript() in page name-changing javascript.
This commit is contained in:
Jacques Distler 2009-06-21 00:39:24 -05:00
parent 2ffa1ea007
commit a049d27222

View file

@ -46,7 +46,7 @@ function toggleVisibility() {
var span = document.getElementById('title_change'); var span = document.getElementById('title_change');
if (span.style.display =='inline') { if (span.style.display =='inline') {
span.style.display ='none'; span.style.display ='none';
document.getElementById('new_name').value = "<%= @page.name %>"; document.getElementById('new_name').value = "<%= escape_javascript(@page.name) %>";
var content = document.getElementById('content').value var content = document.getElementById('content').value
document.getElementById('content').value = content.replace(/\[\[!redirects <%= Regexp.escape(@page.name) %>\]\]\n/, '') document.getElementById('content').value = content.replace(/\[\[!redirects <%= Regexp.escape(@page.name) %>\]\]\n/, '')
} }
@ -55,9 +55,9 @@ function toggleVisibility() {
} }
function addRedirect(){ function addRedirect(){
if (document.getElementById('new_name').value != "<%= @page.name %>" ) { if (document.getElementById('new_name').value != "<%= escape_javascript(@page.name) %>" ) {
var content = document.getElementById('content'); var content = document.getElementById('content');
content.value = '[[!redirects <%= @page.name %>]]\n' + content.value content.value = '[[!redirects <%= escape_javascript(@page.name) %>]]\n' + content.value
} }
} }