Ticket #182: escape urls.patch

frmresourceslist.html

@@ -23 +23 @@
 -->
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
+        <title>List of resources</title>
         <link href="browser.css" type="text/css" rel="stylesheet" />
         <script type="text/javascript" src="js/common.js"></script>
         <script type="text/javascript">
@@ -34 +35 @@
         document.body.innerHTML = '' ;
 }
 
+function ProtectPath(path)
+{
+        path = path.replace( /\\/g, '\\\\') ;
+        path = path.replace( /'/g, '\\\'') ;
+        return path ;
+}
+
 oListManager.GetFolderRowHtml = function( folderName, folderPath )
 {
         // Build the link to view the folder.
-        var sLink = '<a href="#" onclick="OpenFolder(\'' + folderPath.replace( /'/g, '\\\'') + '\');return false;">' ;
+        var sLink = '<a href="#" onclick="OpenFolder(\'' + ProtectPath(folderPath) + '\');return false;">' ;
 
         return '<tr>' +
                         '<td width="16">' +
                                 sLink +
-                                '<img alt="" src="images/Folder.gif" width="16" height="16" border="0"></a>' +
-                        '</td><td nowrap colspan="2">&nbsp;' +
+                                '<img alt="" src="images/Folder.gif" width="16" height="16" border="0"><\/a>' +
+                        '<\/td><td nowrap colspan="2">&nbsp;' +
                                 sLink +
                                 folderName +
-                                '</a>' +
-                '</td></tr>' ;
+                                '<\/a>' +
+                '<\/td><\/tr>' ;
 }
 
 oListManager.GetFileRowHtml = function( fileName, fileUrl, fileSize )
 {
         // Build the link to view the folder.
-        var sLink = '<a href="#" onclick="OpenFile(\'' + fileUrl.replace( /'/g, '\\\'') + '\');return false;">' ;
+        var sLink = '<a href="#" onclick="OpenFile(\'' + ProtectPath(fileUrl) + '\');return false;">' ;
 
         // Get the file icon.
         var sIcon = oIcons.GetIcon( fileName ) ;
@@ -61 +69 @@
         return '<tr>' +
                         '<td width="16">' +
                                 sLink +
-                                '<img alt="" src="images/icons/' + sIcon + '.gif" width="16" height="16" border="0"></a>' +
-                        '</td><td>&nbsp;' +
+                                '<img alt="" src="images/icons/' + sIcon + '.gif" width="16" height="16" border="0"><\/a>' +
+                        '<\/td><td>&nbsp;' +
                                 sLink +
                                 fileName +
-                                '</a>' +
-                        '</td><td align="right" nowrap>&nbsp;' +
+                                '<\/a>' +
+                        '<\/td><td align="right" nowrap>&nbsp;' +
                                 fileSize +
                                 ' KB' +
-                '</td></tr>' ;
+                '<\/td><\/tr>' ;
 }
 
 function OpenFolder( folderPath )
@@ -80 +88 @@
 
 function OpenFile( fileUrl )
 {
-        window.top.opener.SetUrl( fileUrl ) ;
+        window.top.opener.SetUrl( escape(fileUrl) ) ;
         window.top.close() ;
         window.top.opener.focus() ;
 }
@@ -155 +163 @@
 }
         </script>
 </head>
-<body class="FileArea" bottommargin="10" leftmargin="10" topmargin="10" rightmargin="10">
+<body class="FileArea">
 </body>
 </html>