escape fixes

Author: IxiAngel

Spixi/Resources/Raw/html/js/chat.js

@@ -495,15 +495,15 @@ function linkify(text) {
 }
 
 function visitLink(url) {
-    location.href = "ixian:openLink:" + escapeParameter(url);
+    location.href = "ixian:openLink:" + url;
     hideModalDialog();
 }
 
 function onExternalLink(e, url) {
     var title = SL_Modals["externalLinkTitle"];
     var body = SL_Modals["externalLinkBody"];
     body = body.replace("{0}", "<b>" + url + "</b>");
-    var visitButtonHtml = "<div onclick=\"visitLink('" + url + "');\">" + SL_Modals["externalLinkButtonVisit"] + "</div>";
+    var visitButtonHtml = "<div onclick=\"visitLink('" + escapeParameter(url) + "');\">" + SL_Modals["externalLinkButtonVisit"] + "</div>";
     var cancelBtnHtml = "<div onclick='hideModalDialog();'>" + SL_Modals["cancel"] + "</div>";
     showModalDialog(title, body, cancelBtnHtml, visitButtonHtml);
     e.stopPropagation();

Spixi/Resources/Raw/html/js/spixi.js

@@ -34,19 +34,20 @@ function executeUiCommand(cmd) {
 function unescapeParameter(str) {
     return str.replace(/>/g, ">")
         .replace(/&lt;/g, "<")
-        .replace(/&#92;/g, "\\")
-        .replace(/&#39;/g, "'")
-        .replace(/&#34;/g, "\"")
+        .replace(/&bsol;/g, "\\")
+        .replace(/&apos;/g, "'")
+        .replace(/&quot;/g, "\"")
         .replace(/&amp;/g, "&");
 }
 
 function escapeParameter(str) {
     return str
         .replace(/&(?!#\d+;|#x[\da-fA-F]+;)/g, "&amp;")
-        .replace(/</g, "&lt;")
-        .replace(/>/g, "&gt;")
         .replace(/"/g, "&quot;")
-        .replace(/'/g, "&#39;");
+        .replace(/'/g, "&apos;")
+        .replace(/\\/g, "&bsol;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;");
 }
 
 function quickScanJS() {