escape find values in url

static/js/embedDialog.js

@@ -290,10 +290,7 @@ pandora.ui.embedDialog = function(/*[url, ]callback*/) {
                 ? '%' + char.charCodeAt(0).toString(16).toUpperCase()
                 : char;
         });
-        return ret.replace(/_/g, '%09')
-            .replace(/\s/g, '_')
-            .replace(/</g, '%0E')
-            .replace(/>/g, '%0F');
+        return pandora.escapeQueryValue(ret);
     }
 
     function getForm() {

static/js/infoView.0xdb.js

@@ -781,7 +781,7 @@ pandora.ui.infoView = function(data) {
     function formatValue(value, key) {
         return (Ox.isArray(value) ? value : [value]).map(function(value) {
             return key ?
-                '<a href="/' + key + '=' + value + '">' + value + '</a>'
+                '<a href="/' + key + '=' + pandora.escapeQueryValue(value) + '">' + value + '</a>'
                 : value;
         }).join(', ');
     }

static/js/infoView.indiancinema.js

@@ -694,7 +694,7 @@ pandora.ui.infoView = function(data) {
             return key
                 ? '<a href="/' + (
                     key == 'alternativeTitles' ? 'title' : key
-                ) + '=' + value + '">' + value + '</a>'
+                ) + '=' + pandora.escapeQueryValue(value) + '">' + value + '</a>'
                 : value;
         }).join(Ox.contains(specialListKeys, key) ? '; ' : ', ');
     }

static/js/infoView.padma.js

@@ -586,7 +586,7 @@ pandora.ui.infoView = function(data) {
     function formatLink(key, value, linkValue) {
         return (Ox.isArray(value) ? value : [value]).map(function(value) {
             return key
-                ? '<a href="/' + key + '=' + (linkValue ? linkValue : value) + '">' + value + '</a>'
+                ? '<a href="/' + key + '=' + pandora.escapeQueryValue(linkValue ? linkValue : value) + '">' + value + '</a>'
                 : value;
         }).join(', ');
     }

static/js/insertEmbedDialog.js

@@ -442,7 +442,7 @@ pandora.ui.insertEmbedDialog = function(/*[url, ]callback*/) {
             var data = Ox.map($input, function($element) {
                     return $element.options('value');
                 }),
-                options = Ox.serialize({
+                options = pandora.escapeQueryValue(Ox.serialize({
                     title: data.title || void 0,
                     showTimeline: data.showTimeline || void 0,
                     timeline: data.timeline && data.timeline != 'default'
@@ -451,8 +451,7 @@ pandora.ui.insertEmbedDialog = function(/*[url, ]callback*/) {
                     showLayers: data.showAnnotations && data.showLayers
                         ? data.showLayers : void 0,
                     //matchRatio: true
-                }, true)
-                .replace(/_/g, '%09').replace(/\s/g, '_')
+                }, true))
                 .replace(/"/g, '"');
             url = data.protocol + '://'
                 + data.site + '/'

static/js/utils.js

@@ -1046,6 +1046,13 @@ pandora.enableDragAndDrop = function($list, canMove, section, getItems) {
 
 };
 
+pandora.escapeQueryValue = function(value) {
+    return value.replace(/_/g, '%09')
+        .replace(/\s/g, '_')
+        .replace(/</g, '%0E')
+        .replace(/>/g, '%0F');
+};
+
 pandora.enterFullscreen = function() {
     pandora.$ui.appPanel.size(0, 0);
     if (pandora.user.ui.showSidebar) {