From f0c12d38845a46085e96b101b47c43116da039cf Mon Sep 17 00:00:00 2001
From: John McLear <john@mclear.co.uk>
Date: Mon, 6 Oct 2014 14:18:54 +0100
Subject: [PATCH 1/2] escape useragent before displaying

---
 src/static/js/pad_utils.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/static/js/pad_utils.js b/src/static/js/pad_utils.js
index bab6aa432..bcfa95cc6 100644
--- a/src/static/js/pad_utils.js
+++ b/src/static/js/pad_utils.js
@@ -520,7 +520,7 @@ function setupGlobalExceptionHandler() {
         $("#editorloadingbox").css("padding", "10px");
         $("#editorloadingbox").css("padding-top", "45px");
         $("#editorloadingbox").html("<div style='text-align:left;color:red;font-size:16px;'><b>An error occured</b><br>The error was reported with the following id: '" + errorId + "'<br><br><span style='color:black;font-weight:bold;font-size:16px'>Please press and hold Ctrl and press F5 to reload this page, if the problem persists please send this error message to your webmaster: </span><div style='color:black;font-size:14px'>'"
-          + "ErrorId: " + errorId + "<br>URL: " + window.location.href + "<br>UserAgent: " + navigator.userAgent + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>");
+          + "ErrorId: " + errorId + "<br>URL: " + window.location.href + "<br>UserAgent: " + padutils.escapeHtml(navigator.userAgent) + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>");
       }
 
       //send javascript errors to the server

From 0962f65c085bc11c4441d5e11049ba68c5fdea11 Mon Sep 17 00:00:00 2001
From: John McLear <john@mclear.co.uk>
Date: Mon, 6 Oct 2014 14:23:13 +0100
Subject: [PATCH 2/2] I prefer this..

---
 src/static/js/pad_utils.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/static/js/pad_utils.js b/src/static/js/pad_utils.js
index bcfa95cc6..c2ff6fd0e 100644
--- a/src/static/js/pad_utils.js
+++ b/src/static/js/pad_utils.js
@@ -515,12 +515,13 @@ function setupGlobalExceptionHandler() {
     globalExceptionHandler = function test (msg, url, linenumber)
     {
       var errorId = randomString(20);
+      var userAgent = padutils.escapeHtml(navigator.userAgent);
       if ($("#editorloadingbox").attr("display") != "none"){
         //show javascript errors to the user
         $("#editorloadingbox").css("padding", "10px");
         $("#editorloadingbox").css("padding-top", "45px");
         $("#editorloadingbox").html("<div style='text-align:left;color:red;font-size:16px;'><b>An error occured</b><br>The error was reported with the following id: '" + errorId + "'<br><br><span style='color:black;font-weight:bold;font-size:16px'>Please press and hold Ctrl and press F5 to reload this page, if the problem persists please send this error message to your webmaster: </span><div style='color:black;font-size:14px'>'"
-          + "ErrorId: " + errorId + "<br>URL: " + window.location.href + "<br>UserAgent: " + padutils.escapeHtml(navigator.userAgent) + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>");
+          + "ErrorId: " + errorId + "<br>URL: " + window.location.href + "<br>UserAgent: " + userAgent + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>");
       }
 
       //send javascript errors to the server