Bug 691226. Make about:memory do more escaping, since item descriptions can contain characters that are not allowed in XML attribute values. r=jlebar, a=legneato
authorBoris Zbarsky <bzbarsky@mit.edu>
Mon, 03 Oct 2011 15:11:14 -0400
changeset 79051 6763937c5a1fd5af01972cfdf3378eb037bc8d0b
parent 79050 625b0a5109eb3ba698172a3dc61eceb7c29cae57
child 79052 aa2f030842c0b225f97f8a493d3187f406815fc7
push id78
push userclegnitto@mozilla.com
push dateFri, 16 Dec 2011 17:32:24 +0000
treeherdermozilla-release@79d24e644fdd [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjlebar, legneato
bugs691226
milestone9.0a2
Bug 691226. Make about:memory do more escaping, since item descriptions can contain characters that are not allowed in XML attribute values. r=jlebar, a=legneato
toolkit/components/aboutmemory/content/aboutMemory.js
--- a/toolkit/components/aboutmemory/content/aboutMemory.js
+++ b/toolkit/components/aboutmemory/content/aboutMemory.js
@@ -811,21 +811,16 @@ function kindToString(aKind)
    case KIND_NONHEAP: return "(Non-heap) ";
    case KIND_HEAP:    return "(Heap) ";
    case KIND_OTHER:
    case undefined:    return "";
    default:           assert(false, "bad kind in kindToString");
   }
 }
 
-function escapeQuotes(aStr)
-{
-  return aStr.replace(/\&/g, '&amp;').replace(/'/g, '&#39;');
-}
-
 // For user-controlled strings.
 function escapeAll(aStr)
 {
   return aStr.replace(/\&/g, '&amp;').replace(/'/g, '&#39;').
               replace(/\</g, '&lt;').replace(/>/g, '&gt;').
               replace(/\"/g, '&quot;');
 }
 
@@ -839,17 +834,17 @@ function flipBackslashes(aStr)
 
 function prepName(aStr)
 {
   return escapeAll(flipBackslashes(aStr));
 }
 
 function prepDesc(aStr)
 {
-  return escapeQuotes(flipBackslashes(aStr));
+  return escapeAll(flipBackslashes(aStr));
 }
 
 function genMrNameText(aKind, aDesc, aName, aHasProblem, aNMerged)
 {
   var text = "-- <span class='mrName hasDesc' title='" +
              kindToString(aKind) + prepDesc(aDesc) +
              "'>" + prepName(aName) + "</span>";
   if (aHasProblem) {