From df2dd2cb80d0e7a6652e1600ab6a0805ecb84d98 Mon Sep 17 00:00:00 2001
From: James Allen
Date: Thu, 3 Jan 2019 10:01:06 +0000
Subject: [PATCH] Merge pull request #1308 from sharelatex/spd-open-in-overleaf-form-character-encoding

Open in Overleaf: Fix character-encoding problems when passing content via 'snip' parameter

GitOrigin-RevId: d5d9faef8583696dfe7c94e4b5dfd88fc5bf6f4a
---
.../Features/Helpers/StringHelper.coffee | 18 ++++++++++++++++++
.../coffee/infrastructure/ExpressLocals.coffee | 4 ++++
2 files changed, 22 insertions(+)
create mode 100644 services/web/app/coffee/Features/Helpers/StringHelper.coffee

diff --git a/services/web/app/coffee/Features/Helpers/StringHelper.coffee b/services/web/app/coffee/Features/Helpers/StringHelper.coffee
new file mode 100644
index 0000000000..f13c5afa3a
--- /dev/null
+++ b/services/web/app/coffee/Features/Helpers/StringHelper.coffee
@@ -0,0 +1,18 @@
+JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/g
+
+JSON_ESCAPE =
+ '&': '\\u0026'
+ '>': '\\u003e'
+ '<': '\\u003c'
+ '\u2028': '\\u2028'
+ '\u2029': '\\u2029'
+
+module.exports = StringHelper =
+ # stringifies and escapes a json object for use in a script. This ensures that &, < and > characters are escaped,
+ # along with quotes. This ensures that the string can be safely rendered into HTML. See rationale at:
+ # https://api.rubyonrails.org/classes/ERB/Util.html#method-c-json_escape
+ # and implementation lifted from:
+ # https://github.com/ember-fastboot/fastboot/blob/cafd96c48564d8384eb83dc908303dba8ece10fd/src/ember-app.js#L496-L510
+ stringifyJsonForScript: (object) ->
+ return JSON.stringify(object).replace JSON_ESCAPE_REGEXP, (match) ->
+ return JSON_ESCAPE[match]
diff --git a/services/web/app/coffee/infrastructure/ExpressLocals.coffee b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
index 2eb51b9bf8..2a82b9ed34 100644
--- a/services/web/app/coffee/infrastructure/ExpressLocals.coffee
+++ b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
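Review bot: The comment above `stringifyJsonForScript` in StringHelper.coffee overstates what the function guarantees. It says quotes are escaped and the result can be "safely rendered into HTML", but `JSON_ESCAPE_REGEXP` only covers `&`, `<`, `>`, U+2028 and U+2029. A `"` inside a string value is only backslash-escaped by `JSON.stringify`, and `'` is left untouched, so the output is safe as an expression inside a `<script>` element body but not inside an HTML attribute value or a quoted JS string literal. I would reword the comment to state that limit, for example `# Output is safe only as an unquoted expression inside a <script> body; do not place it in an HTML attribute or inside a quoted JS string.` Separately, `JSON.stringify(undefined)` (or of a function) returns `undefined`, so `.replace` throws and the page render fails; `json = JSON.stringify(object) ? 'null'` before the `.replace` call avoids that.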
@@ -226,6 +226,10 @@ module.exports = (app, webRouter, privateApiRouter, publicApiRouter)-> return email next() + webRouter.use (req, res, next) -> + res.locals.StringHelper = require('../Features/Helpers/StringHelper') + next() + webRouter.use (req, res, next)-> res.locals.formatProjectPublicAccessLevel = (privilegeLevel)-> formatedPrivileges = private:"Private", readOnly:"Public: Read Only", readAndWrite:"Public: Read and Write"
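Review bot: `require('../Features/Helpers/StringHelper')` sits inside the new middleware, so the module lookup is repeated on every request even though Node caches the loaded module. Binding it once at the top of the file, `StringHelper = require('../Features/Helpers/StringHelper')`, and assigning `res.locals.StringHelper = StringHelper` here would be clearer. Since the helper becomes visible to every template, a one-line comment such as `# StringHelper.stringifyJsonForScript output is for <script> bodies only, and must be emitted unescaped there` would tell template authors where it may be used. The enclosing `module.exports` function starts and ends outside the hunk, so the file's existing require conventions are not visible from here.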