From 09cb85c4b517b377d86eaa83633cc8d0e65b8d24 Mon Sep 17 00:00:00 2001
From: nanaya <me@nanaya.net>
Date: Thu, 22 Feb 2024 03:26:05 +0900
Subject: [PATCH] Use own escapeHtml instead of prototypejs

---
 app/javascript/src/classes/browser_view.coffee | 3 ++-
 app/javascript/src/classes/inline_image.coffee | 4 +++-
 app/javascript/src/utils/dom.coffee            | 8 ++++++++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/app/javascript/src/classes/browser_view.coffee b/app/javascript/src/classes/browser_view.coffee
index b50d173b0..28d03a225 100644
--- a/app/javascript/src/classes/browser_view.coffee
+++ b/app/javascript/src/classes/browser_view.coffee
@@ -1,4 +1,5 @@
 import PreloadContainer from 'src/classes/preload_container'
+import { escapeHtml } from 'src/utils/dom'
 import { removeImageElement } from 'src/utils/image'
 import { numberToHumanSize } from 'src/utils/math'
 import FrameEditor from './frame_editor'
@@ -681,7 +682,7 @@ export default class BrowserView
         div = html.subst(
           sequence: sequence
           pool_id: pool_id
-          desc: pool_title.escapeHTML()).createElement()
+          desc: escapeHtml(pool_title)).createElement()
         div.post_id = post.id
         div.pool_id = pool_id
         pool_info.appendChild div
diff --git a/app/javascript/src/classes/inline_image.coffee b/app/javascript/src/classes/inline_image.coffee
index 3d5330920..a4ab9e279 100644
--- a/app/javascript/src/classes/inline_image.coffee
+++ b/app/javascript/src/classes/inline_image.coffee
@@ -1,3 +1,5 @@
+import { escapeHtml } from 'src/utils/dom'
+
 export default class InlineImage
   constructor: ->
     @mouse_down = null
@@ -54,7 +56,7 @@ export default class InlineImage
       while idx < data.images.length
         # html_id looks like "inline-123-456".  Mark the button for each individual image as "inline-123-456-2".
         button_id = data.html_id + '-' + idx
-        text = data.images[idx].description.escapeHTML()
+        text = escapeHtml(data.images[idx].description)
         if text == ''
           text = '#' + idx + 1
         ui_html += '<a href=\'#\' id=\'' + button_id + '\' class=\'select-image\' onclick=\'InlineImage.show_image_no("' + data.html_id + '", ' + idx + '); return false;\'>' + text + '</a>'
diff --git a/app/javascript/src/utils/dom.coffee b/app/javascript/src/utils/dom.coffee
index daef94669..bbcce85fa 100644
--- a/app/javascript/src/utils/dom.coffee
+++ b/app/javascript/src/utils/dom.coffee
@@ -1,3 +1,11 @@
 export hideEl = (el) -> el.style.display = 'none'
 
 export showEl = (el) -> el.style.display = ''
+
+export escapeHtml = (str) -> str.replace(/[&<>"']/g, (str) => ({
+  '&': '&amp;',
+  '<': '&lt;',
+  '>': '&gt;',
+  '"': '&quot;',
+  "'": '&#39;',
+})[str])