From 723f75b016e672d18a2bfb0c88fdb2fa25c98e79 Mon Sep 17 00:00:00 2001
From: Chad Weider <cweider@oofn.net>
Date: Mon, 28 May 2012 12:15:22 -0700
Subject: [PATCH 1/2] Make exception handler static named function.

---
 src/static/js/pad_utils.js | 48 +++++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/src/static/js/pad_utils.js b/src/static/js/pad_utils.js
index 83ee9aae8..c6aeef77f 100644
--- a/src/static/js/pad_utils.js
+++ b/src/static/js/pad_utils.js
@@ -500,30 +500,34 @@ var padutils = {
   }
 };
 
-var globalExceptionHandler = undefined;
-function setupGlobalExceptionHandler() {
-  if (!globalExceptionHandler) {
-    globalExceptionHandler = function test (msg, url, linenumber)
-    {
-      var errorId = randomString(20);
-      if ($("#editorloadingbox").attr("display") != "none"){
-        //show javascript errors to the user
-        $("#editorloadingbox").css("padding", "10px");
-        $("#editorloadingbox").css("padding-top", "45px");
-        $("#editorloadingbox").html("<div style='text-align:left;color:red;font-size:16px;'><b>An error occured</b><br>The error was reported with the following id: '" + errorId + "'<br><br><span style='color:black;font-weight:bold;font-size:16px'>Please send this error message to us: </span><div style='color:black;font-size:14px'>'"
-          + "ErrorId: " + errorId + "<br>UserAgent: " + navigator.userAgent + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>");
-      }
+function globalExceptionHandler(msg, url, linenumber) {
+  var errorId = randomString(20);
+  if ($("#editorloadingbox").attr("display") != "none"){
+    //show javascript errors to the user
+    $("#editorloadingbox").css("padding", "10px");
+    $("#editorloadingbox").css("padding-top", "45px");
+    $("#editorloadingbox").html("<div style='text-align:left;color:red;font-size:16px;'><b>An error occured</b><br>The error was reported with the following id: '" + errorId + "'<br><br><span style='color:black;font-weight:bold;font-size:16px'>Please send this error message to us: </span><div style='color:black;font-size:14px'>'"
+      + "ErrorId: " + errorId + "<br>UserAgent: " + navigator.userAgent + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>");
+  }
 
-      //send javascript errors to the server
-      var errObj = {errorInfo: JSON.stringify({errorId: errorId, msg: msg, url: url, linenumber: linenumber, userAgent: navigator.userAgent})};
-      var loc = document.location;
-      var url = loc.protocol + "//" + loc.hostname + ":" + loc.port + "/" + loc.pathname.substr(1, loc.pathname.indexOf("/p/")) + "jserror";
- 
-      $.post(url, errObj);
- 
-      return false;
-    };
+  //send javascript errors to the server
+  var errObj = {errorInfo: JSON.stringify({errorId: errorId, msg: msg, url: url, linenumber: linenumber, userAgent: navigator.userAgent})};
+  var loc = document.location;
+  var url = loc.protocol + "//" + loc.hostname + ":" + loc.port + "/" + loc.pathname.substr(1, loc.pathname.indexOf("/p/")) + "jserror";
+
+  $.post(url, errObj);
+
+  return false;
+}
+
+var globalExceptionHandlerSetup = false;
+function setupGlobalExceptionHandler() {
+  if (!globalExceptionHandlerSetup) {
+    globalExceptionHandlerSetup = true;
     window.onerror = globalExceptionHandler;
+  } else {
+    // no-op
+    // TODO: Throw an exception here.
   }
 }
 

From f4992fa40e44b0ed6daba7e8b2f12b23b0691d69 Mon Sep 17 00:00:00 2001
From: Chad Weider <cweider@oofn.net>
Date: Mon, 28 May 2012 12:20:45 -0700
Subject: [PATCH 2/2] Data written to document must be escaped.

---
 src/static/js/pad_utils.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/static/js/pad_utils.js b/src/static/js/pad_utils.js
index c6aeef77f..6e00dc09c 100644
--- a/src/static/js/pad_utils.js
+++ b/src/static/js/pad_utils.js
@@ -506,8 +506,9 @@ function globalExceptionHandler(msg, url, linenumber) {
     //show javascript errors to the user
     $("#editorloadingbox").css("padding", "10px");
     $("#editorloadingbox").css("padding-top", "45px");
-    $("#editorloadingbox").html("<div style='text-align:left;color:red;font-size:16px;'><b>An error occured</b><br>The error was reported with the following id: '" + errorId + "'<br><br><span style='color:black;font-weight:bold;font-size:16px'>Please send this error message to us: </span><div style='color:black;font-size:14px'>'"
-      + "ErrorId: " + errorId + "<br>UserAgent: " + navigator.userAgent + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>");
+    // TODO: Use Mustache
+    $("#editorloadingbox").html("<div style='text-align:left;color:red;font-size:16px;'><b>An error occured</b><br>The error was reported with the following id: '" + Security.escapeHTML(errorId) + "'<br><br><span style='color:black;font-weight:bold;font-size:16px'>Please send this error message to us: </span><div style='color:black;font-size:14px'>'"
+      + "ErrorId: " + Security.escapeHTML(errorId) + "<br>UserAgent: " + Security.escapeHTML(navigator.userAgent) + "<br>" + Security.escapeHTML(msg) + " in " + Security.escapeHTML(url) + " at line " + Security.escapeHTML(linenumber) + "'</div></div>");
   }
 
   //send javascript errors to the server