From 1d02c022d013eb3325616a7abf4d527e26149725 Mon Sep 17 00:00:00 2001
From: Matti Tahvonen <matti.tahvonen@itmill.com>
Date: Fri, 7 Jan 2011 11:22:54 +0000
Subject: [PATCH] some less critical improvements related to #6200

svn changeset:16814/svn branch:6.5
---
 .../server/AbstractApplicationServlet.java    | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/com/vaadin/terminal/gwt/server/AbstractApplicationServlet.java b/src/com/vaadin/terminal/gwt/server/AbstractApplicationServlet.java
index bb544798ae..9379766130 100644
--- a/src/com/vaadin/terminal/gwt/server/AbstractApplicationServlet.java
+++ b/src/com/vaadin/terminal/gwt/server/AbstractApplicationServlet.java
@@ -1793,6 +1793,8 @@ public abstract class AbstractApplicationServlet extends HttpServlet implements
             widgetsetBasePath = getStaticFilesLocation(request);
         }
 
+        widgetset = stripSpecialChars(widgetset);
+
         final String widgetsetFilePath = widgetsetBasePath + "/"
                 + WIDGETSET_DIRECTORY_PATH + widgetset + "/" + widgetset
                 + ".nocache.js?" + new Date().getTime();
@@ -1825,10 +1827,11 @@ public abstract class AbstractApplicationServlet extends HttpServlet implements
         page.write("appUri:'" + appUrl + "', ");
 
         if (window != application.getMainWindow()) {
-            page.write("windowName: '" + window.getName() + "', ");
+            page.write("windowName: \""
+                    + JsonPaintTarget.escapeJSON(window.getName()) + "\", ");
         }
         page.write("themeUri:");
-        page.write(themeUri != null ? "'" + themeUri + "'" : "null");
+        page.write(themeUri != null ? "\"" + themeUri + "\"" : "null");
         page.write(", versionInfo : {vaadinVersion:\"");
         page.write(VERSION);
         page.write("\",applicationVersion:\"");
@@ -1838,15 +1841,15 @@ public abstract class AbstractApplicationServlet extends HttpServlet implements
             // Write the CommunicationError -message to client
             String caption = systemMessages.getCommunicationErrorCaption();
             if (caption != null) {
-                caption = "\"" + caption + "\"";
+                caption = "\"" + JsonPaintTarget.escapeJSON(caption) + "\"";
             }
             String message = systemMessages.getCommunicationErrorMessage();
             if (message != null) {
-                message = "\"" + message + "\"";
+                message = "\"" + JsonPaintTarget.escapeJSON(message) + "\"";
             }
             String url = systemMessages.getCommunicationErrorURL();
             if (url != null) {
-                url = "\"" + url + "\"";
+                url = "\"" + JsonPaintTarget.escapeJSON(url) + "\"";
             }
 
             page.write(",\"comErrMsg\": {" + "\"caption\":" + caption + ","
@@ -1856,15 +1859,15 @@ public abstract class AbstractApplicationServlet extends HttpServlet implements
             // Write the AuthenticationError -message to client
             caption = systemMessages.getAuthenticationErrorCaption();
             if (caption != null) {
-                caption = "\"" + caption + "\"";
+                caption = "\"" + JsonPaintTarget.escapeJSON(caption) + "\"";
             }
             message = systemMessages.getAuthenticationErrorMessage();
             if (message != null) {
-                message = "\"" + message + "\"";
+                message = "\"" + JsonPaintTarget.escapeJSON(message) + "\"";
             }
             url = systemMessages.getAuthenticationErrorURL();
             if (url != null) {
-                url = "\"" + url + "\"";
+                url = "\"" + JsonPaintTarget.escapeJSON(url) + "\"";
             }
 
             page.write(",\"authErrMsg\": {" + "\"caption\":" + caption + ","
-- 
2.39.5