Sort out escaping issues

services/web/app/coffee/Features/Editor/EditorController.coffee

@@ -155,7 +155,7 @@ module.exports = EditorController =
 
 	addDoc: (project_id, folder_id, docName, docLines, sl_req_id, callback = (error, doc)->)->
 		{callback, sl_req_id} = slReqIdHelper.getCallbackAndReqId(callback, sl_req_id)
-		docName = sanitize.escape(docName)
+		docName = docName.trim()
 		logger.log sl_req_id:sl_req_id, "sending new doc to project #{project_id}"
 		Metrics.inc "editor.add-doc"
 		ProjectEntityHandler.addDoc project_id, folder_id, docName, docLines, sl_req_id, (err, doc, folder_id)=>
@@ -164,7 +164,7 @@ module.exports = EditorController =
 
 	addFile: (project_id, folder_id, fileName, path, sl_req_id, callback = (error, file)->)->
 		{callback, sl_req_id} = slReqIdHelper.getCallbackAndReqId(callback, sl_req_id)
-		fileName = sanitize.escape(fileName)
+		fileName = fileName.trim()
 		logger.log  sl_req_id:sl_req_id, "sending new file to project #{project_id} with folderid: #{folder_id}"
 		Metrics.inc "editor.add-file"
 		ProjectEntityHandler.addFile project_id, folder_id, fileName, path, (err, fileRef, folder_id)=>
@@ -177,7 +177,7 @@ module.exports = EditorController =
 
 	addFolder: (project_id, folder_id, folderName, sl_req_id, callback = (error, folder)->)->
 		{callback, sl_req_id} = slReqIdHelper.getCallbackAndReqId(callback, sl_req_id)
-		folderName = sanitize.escape(folderName)
+		folderName = folderName.trim()
 		logger.log "sending new folder to project #{project_id}"
 		Metrics.inc "editor.add-folder"
 		ProjectEntityHandler.addFolder project_id, folder_id, folderName, (err, folder, folder_id)=>

services/web/app/coffee/Features/Project/ProjectController.coffee

@@ -87,8 +87,8 @@ module.exports = ProjectController =
 
 	newProject: (req, res)->
 		user = req.session.user
-		projectName = sanitize.escape(req.body.projectName)
-		template = sanitize.escape(req.body.template)
+		projectName = req.body.projectName?.trim()
+		template = req.body.template
 		logger.log user: user, type: template, name: projectName, "creating project"
 		async.waterfall [
 			(cb)->
@@ -201,7 +201,7 @@ module.exports = ProjectController =
 					bodyClasses: ["editor"]
 					project : project
 					project_id : project._id
-					userObject : JSON.stringify({
+					user : {
 						id    : user.id
 						email : user.email
 						first_name : user.first_name
@@ -209,18 +209,18 @@ module.exports = ProjectController =
 						referal_id : user.referal_id
 						subscription :
 							freeTrial: {allowed: allowedFreeTrial}
-					})
-					userSettingsObject: JSON.stringify({
+					}
+					userSettings: {
 						mode  : user.ace.mode
 						theme : user.ace.theme
 						fontSize : user.ace.fontSize
 						autoComplete: user.ace.autoComplete
 						pdfViewer : user.ace.pdfViewer
-					})
-					sharelatexObject : JSON.stringify({
+					}
+					sharelatex : {
 						siteUrl: Settings.siteUrl,
 						jsPath: res.locals.jsPath
-					})
+					}
 					privilegeLevel: privilegeLevel
 					loadPdfjs: (user.ace.pdfViewer == "pdfjs")
 					chatUrl: Settings.apis.chat.url

services/web/app/views/project/editor.jade

@@ -77,11 +77,13 @@ block content
 
 	script(src='/socket.io/socket.io.js')
 
+	//- We need to do .replace(/\//, '\\/') do that '</script>' -> '<\/script>'
+	//- and doesn't prematurely end the script tag.
 	script(type='text/javascript').
 		window.project_id = "!{project_id}"
-		window.sharelatex = !{sharelatexObject};
-		window.userSettings = !{userSettingsObject};
-		window.user = !{userObject};
+		window.sharelatex = !{JSON.stringify(sharelatex).replace(/\//, '\\/')};
+		window.userSettings = !{JSON.stringify(userSettings).replace(/\//, '\\/')};
+		window.user = !{JSON.stringify(user).replace(/\//, '\\/')};
 		window.csrfToken = "!{csrfToken}";
 		window.requirejs = {
 			"paths" : {

services/web/app/views/project/list.jade

@@ -1,10 +1,12 @@
 extends ../layout
 
 block content
+	//- We need to do .replace(/\//, '\\/') do that '</script>' -> '<\/script>'
+	//- and doesn't prematurely end the script tag.
 	script(type="text/javascript").
 		window.data = {
-			projects: !{JSON.stringify(projects)},
-			tags: !{JSON.stringify(tags)}
+			projects: !{JSON.stringify(projects).replace(/\//, '\\/')},
+			tags: !{JSON.stringify(tags).replace(/\//, '\\/')}
 		};
 		window.algolia = {
 			institutions: {

services/web/test/UnitTests/coffee/Project/ProjectControllerTests.coffee

@@ -278,25 +278,22 @@ describe "ProjectController", ->
 				done()
 			@ProjectController.loadEditor @req, @res
 
-		it "should add userObject", (done)->
+		it "should add user", (done)->
 			@res.render = (pageName, opts)=>
-				userObject = JSON.parse(opts.userObject)
-				userObject.email.should.equal @user.email
+				opts.user.email.should.equal @user.email
 				done()
 			@ProjectController.loadEditor @req, @res
 
-		it "should add on userSettingsObject", (done)->
+		it "should add on userSettings", (done)->
 			@res.render = (pageName, opts)=>
-				userSettingsObject = JSON.parse(opts.userSettingsObject)
-				userSettingsObject.fontSize.should.equal @user.ace.fontSize
-				userSettingsObject.theme.should.equal @user.ace.theme
+				opts.userSettings.fontSize.should.equal @user.ace.fontSize
+				opts.userSettings.theme.should.equal @user.ace.theme
 				done()
 			@ProjectController.loadEditor @req, @res
 
-		it "should add sharelatexObject", (done)->
+		it "should add sharelatex", (done)->
 			@res.render = (pageName, opts)=>
-				sharelatexObject = JSON.parse(opts.sharelatexObject)
-				sharelatexObject.siteUrl.should.equal @settings.siteUrl
+				opts.sharelatex.siteUrl.should.equal @settings.siteUrl
 				done()
 			@ProjectController.loadEditor @req, @res