Use own escapeHtml instead of prototypejs

app/javascript/src/classes/browser_view.coffee

@@ -1,4 +1,5 @@
 import PreloadContainer from 'src/classes/preload_container'
+import { escapeHtml } from 'src/utils/dom'
 import { removeImageElement } from 'src/utils/image'
 import { numberToHumanSize } from 'src/utils/math'
 import FrameEditor from './frame_editor'
@@ -681,7 +682,7 @@ export default class BrowserView
         div = html.subst(
           sequence: sequence
           pool_id: pool_id
-          desc: pool_title.escapeHTML()).createElement()
+          desc: escapeHtml(pool_title)).createElement()
         div.post_id = post.id
         div.pool_id = pool_id
         pool_info.appendChild div

app/javascript/src/classes/inline_image.coffee

@@ -1,3 +1,5 @@
+import { escapeHtml } from 'src/utils/dom'
+
 export default class InlineImage
   constructor: ->
     @mouse_down = null
@@ -54,7 +56,7 @@ export default class InlineImage
       while idx < data.images.length
         # html_id looks like "inline-123-456".  Mark the button for each individual image as "inline-123-456-2".
         button_id = data.html_id + '-' + idx
-        text = data.images[idx].description.escapeHTML()
+        text = escapeHtml(data.images[idx].description)
         if text == ''
           text = '#' + idx + 1
         ui_html += '<a href=\'#\' id=\'' + button_id + '\' class=\'select-image\' onclick=\'InlineImage.show_image_no("' + data.html_id + '", ' + idx + '); return false;\'>' + text + '</a>'

app/javascript/src/utils/dom.coffee

@@ -1,3 +1,11 @@
 export hideEl = (el) -> el.style.display = 'none'
 
 export showEl = (el) -> el.style.display = ''
+
+export escapeHtml = (str) -> str.replace(/[&<>"']/g, (str) => ({
+  '&': '&amp;',
+  '<': '&lt;',
+  '>': '&gt;',
+  '"': '&quot;',
+  "'": '&#39;',
+})[str])