Bug 1365018 - Escape U+2028 and U+2029 when quoting a string in VariablesView.
MozReview-Commit-ID: AWb6y4kYEUv
--- a/devtools/client/shared/widgets/VariablesView.jsm
+++ b/devtools/client/shared/widgets/VariablesView.jsm
@@ -3896,24 +3896,32 @@ VariablesView.getClass = function (aGrip
var generateId = (function () {
let count = 0;
return function (aName = "") {
return aName.toLowerCase().trim().replace(/\s+/g, "-") + (++count);
};
})();
/**
- * Serialize a string to JSON. The result can be inserted in a string evaluated by `eval`.
+ * Quote and escape a string. The result will be another string containing an
+ * ECMAScript StringLiteral which will produce the original one when evaluated
+ * by `eval` or similar.
*
* @param string aString
- * The string to be escaped. If undefined, the function returns the empty string.
+ * An optional string to be escaped. If no string is passed, the function
+ * returns an empty string.
* @return string
*/
function escapeString(aString) {
- return JSON.stringify(aString) || "";
+ if (typeof aString !== "string") {
+ return "";
+ }
+ // U+2028 and U+2029 are allowed in JSON but not in ECMAScript string literals.
+ return JSON.stringify(aString).replace(/\u2028/g, '\\u2028')
+ .replace(/\u2029/g, '\\u2029');
}
/**
* Escape some HTML special characters. We do not need full HTML serialization
* here, we just want to make strings safe to display in HTML attributes, for
* the stringifiers.
*
* @param string aString