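--- a/branches/wmf/1.16wmf4/extensions/ProofreadPage/proofread.js
+++ b/branches/wmf/1.16wmf4/extensions/ProofreadPage/proofread.js
@@ -151,23 +151,18 @@
 self.proofreadpage_username = "";
 }
 
- //escape & character
- pageBody = pageBody.split("&").join("&")
- pageHeader = pageHeader.split("&").join("&")
- pageFooter = pageFooter.split("&").join("&")
-
 container.innerHTML = ''
 + '<div id="prp_header" style="display:none;">'
 + '<span style="color:gray;font-size:80%;line-height:100%;">'
 + escapeQuotesHTML(proofreadPageMessageHeader) + '</span>'
- + '<textarea name="wpHeaderTextbox" rows="2" cols="80" tabindex=1>' + pageHeader + '</textarea><br/>'
+ + '<textarea name="wpHeaderTextbox" rows="2" cols="80" tabindex=1>' + escapeQuotesHTML( pageHeader ) + '</textarea><br/>'
 + '<span style="color:gray;font-size:80%;line-height:100%;">'
 + escapeQuotesHTML(proofreadPageMessagePageBody) + '</span></div>'
- + '<textarea name="wpTextbox1" id="wpTextbox1" tabindex=1 style="height:' + ( self.DisplayHeight - 6 ) + 'px;">' + pageBody + '</textarea>'
+ + '<textarea name="wpTextbox1" id="wpTextbox1" tabindex=1 style="height:' + ( self.DisplayHeight - 6 ) + 'px;">' + escapeQuotesHTML( pageBody ) + '</textarea>'
 + '<div id="prp_footer" style="display:none;">'
 + '<span style="color:gray;font-size:80%;line-height:100%;">'
 + escapeQuotesHTML(proofreadPageMessageFooter) + '</span><br/>'
- + '<textarea name="wpFooterTextbox" rows="2" cols="80" tabindex=1>'+pageFooter+'</textarea></div>';
+ + '<textarea name="wpFooterTextbox" rows="2" cols="80" tabindex=1>'+ escapeQuotesHTML( pageFooter ) +'</textarea></div>';
 
 
 }
@@ -891,7 +886,7 @@
 if( !ig ) return;
 var f = document.createElement("span");
 f.innerHTML =
-' <input type="hidden" name="wpProofreader" value="'+self.proofreadpage_username+'">'
+' <input type="hidden" name="wpProofreader" value="'+ escapeQuotesHTML( self.proofreadpage_username ) +'">'
 +'<span class="quality0"> <input type="radio" name="quality" value=0 onclick="pr_add_quality(this.form,0)" tabindex=4> </span>'
 +'<span class="quality2"> <input type="radio" name="quality" value=2 onclick="pr_add_quality(this.form,2)" tabindex=4> </span>'
 +'<span class="quality1"> <input type="radio" name="quality" value=1 onclick="pr_add_quality(this.form,1)" tabindex=4> </span>'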
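Review bot: The page text and the proofreader name are still spliced into `innerHTML` strings (new lines 159, 162, 166 and 890), so the markup is only as safe as `escapeQuotesHTML`, which is defined outside this diff; confirm it encodes `&`, `<`, `>` and `"`, the last being what protects the double-quoted `value` attribute. Assigning through the DOM removes that dependency: emit the textareas and the hidden input empty and then set, for example, `container.getElementsByTagName("textarea")[1].value = pageBody;` and `f.getElementsByTagName("input")[0].value = self.proofreadpage_username;`. That form also keeps a leading newline in the page text, which the HTML parser drops when it directly follows the `<textarea>` tag. Both enclosing functions begin outside the hunks, so whether these values reach other `innerHTML` sinks unescaped cannot be checked from here.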