Make history title inclusion safer (createTextNode changes)....

chrome/browser/resources/history.html

 <!DOCTYPE HTML>
 <html id="t">
 <head>
 <meta charset="utf-8">
 <title jscontent="title"></title>
 <script type="text/javascript">
 ///////////////////////////////////////////////////////////////////////////////
 // Globals:
 var RESULTS_PER_PAGE = 150;
 var MAX_SEARCH_DEPTH_MONTHS = 18;
 
 // Amount of time between pageviews that we consider a 'break' in browsing,
 // measured in milliseconds.
 var BROWSING_GAP_TIME = 15 * 60 * 1000;
 
 function $(o) {return document.getElementById(o);}
 
+function createElementWithClassName(type, className) {
+  var elm = document.createElement(type);
+  elm.className = className;
+  return elm;
+}
+
 // TODO(glen): Get rid of these global references, replace with a controller
 //     or just make the classes own more of the page.
 var historyModel;
 var historyView;
 var localStrings;
 var pageState;
+var deleteQueue = [];
+var deleteInFlight = false;
 
 ///////////////////////////////////////////////////////////////////////////////
 // localStrings:
 /**
  * We get strings into the page by using JSTemplate to populate some elements
  * with localized content, then reading the content of those elements into
  * this global strings object.
  * @param {Node} node The DOM node containing all our strings.
  */
 function LocalStrings(node) {
@@ skipping 33 matching lines @@
 /**
  * Class to hold all the information about an entry in our model.
  * @param {Object} result An object containing the page's data.
  * @param {boolean} continued Whether this page is on the same day as the
  *     page before it
  */
 function Page(result, continued, model) {
   this.model_ = model;
   this.title_ = result.title;
   this.url_ = result.url;
+  this.starred_ = result.starred;
   this.snippet_ = result.snippet || "";
 
   this.changed = false;
 
   // All the date information is public so that owners can compare properties of
   // two items easily.
 
   // We get the time in seconds, but we want it in milliseconds.
   this.time = new Date(result.time * 1000);
 
   // See comment in BrowsingHistoryHandler::QueryComplete - we won't always
   // get all of these.
   this.dateRelativeDay = result.dateRelativeDay || "";
   this.dateTimeOfDay = result.dateTimeOfDay || "";
   this.dateShort = result.dateShort || "";
 
   // Whether this is the continuation of a previous day.
   this.continued = continued;
 }
 
 // Page, Public: --------------------------------------------------------------
 /**
- * @return {string} Gets the HTML representation of the page
+ * @return {DOMObject} Gets the DOM representation of the page
  *     for use in browse results.
  */
-Page.prototype.getBrowseResultHTML = function() {
-  return '<div class="entry">' +
-           '<div class="time">' +
-             this.dateTimeOfDay +
-           '</div>' +
-           this.getTitleHTML_() +
-         '</div>';
+Page.prototype.getBrowseResultDOM = function() {
+  var node = createElementWithClassName('div', 'entry');
+  var time = createElementWithClassName('div', 'time');
+  time.appendChild(document.createTextNode(this.dateTimeOfDay));
+  node.appendChild(time);
+  node.appendChild(this.getTitleDOM_());
+  return node;
 }
 
 /**
- * @return {string} Gets the HTML representation of the page for
+ * @return {DOMObject} Gets the DOM representation of the page for
  *     use in search results.
  */
-Page.prototype.getSearchResultHTML = function() {
-  return '<tr class="entry"><td valign="top">' +
-           '<div class="time">' +
-             this.dateShort +
-           '</div>' +
-         '</td><td valign="top">' +
-           this.getTitleHTML_() +
-           '<div class="snippet">' +
-             this.getHighlightedSnippet_() +
-           '</div>' +
-         '</td></tr>';
+Page.prototype.getSearchResultDOM = function() {
+  var row = createElementWithClassName('tr', 'entry');
+  var datecell = createElementWithClassName('td', 'time');
+  datecell.appendChild(document.createTextNode(this.dateShort));
+  row.appendChild(datecell);
+
+  var titleCell = document.createElement('td');
+  titleCell.valign = 'top';
+  titleCell.appendChild(this.getTitleDOM_());
+  var snippet = createElementWithClassName('div', 'snippet');
+  snippet.appendChild(document.createTextNode(this.snippet_));
+  this.highlightNodeContent_(snippet);
+  titleCell.appendChild(snippet);
+  row.appendChild(titleCell);
+
+  return row;
 }
 
 // Page, private: -------------------------------------------------------------
 /**
- * @return {string} The page's snippet highlighted with the model's
- *     current search term.
+ * Highlights the content of a node with the current search text.
+ * @param {DOMObject} node to highlight
  */
-Page.prototype.getHighlightedSnippet_ = function() {
-  return Page.getHighlightedText_(this.snippet_, this.model_.getSearchText());
+Page.prototype.highlightNodeContent_ = function(node) {
+  node.innerHTML = Page.getHighlightedText_(node.innerHTML,
+                                            this.model_.getSearchText());
 }
 
 /**
- * @return {string} Gets the page's title highlighted with the
- *     model's current search term.
+ * @return {DOMObject} DOM representation for the title block.
  */
-Page.prototype.getHighlightedTitle_ = function() {
-  return Page.getHighlightedText_(this.title_, this.model_.getSearchText());
-}
+Page.prototype.getTitleDOM_ = function() {
+  var node = document.createElement('div');
+  node.className = 'title';
+  var link = document.createElement('a');
+  link.href = this.url_;
+  link.style.backgroundImage = 'url(chrome-ui://favicon/' + this.url_ + ')';
+  link.appendChild(document.createTextNode(this.title_));
+  this.highlightNodeContent_(link);
 
-/**
- * @return {string} HTML for the title block.
- */
-Page.prototype.getTitleHTML_ = function() {
-  return '<div class="title">' +
-           '<a ' +
-             'href="' + this.url_ + '" ' +
-             'style="background-image:url(chrome-ui://favicon/' +
-                 this.url_ + ')" ' +
-             '>' +
-             this.getHighlightedTitle_() +
-           '</a>' +
-         '</div>';
+  node.appendChild(link);
+
+  if (this.starred_) {
+    node.appendChild(createElementWithClassName('div', 'starred'));
+  }
+
+  return node;
 }
 
 // Page, private, static: -----------------------------------------------------
 /**
  * Case-insensitively highlights a string.
  * @param {string} str The source string
  * @param {string} opt_highlight The string to highlight with
  * @return {string} The highlighted string
  */
 Page.getHighlightedText_ = function(str, opt_highlight ) {
@@ skipping 70 matching lines @@
   return this.searchText_;
 }
 
 /**
  * Tell the model that the view will want to see the current page. When
  * the data becomes available, the model will call the view back.
  * @page {Number} page The page we want to view.
  */
 HistoryModel.prototype.requestPage = function(page) {
   this.requestedPage_ = page;
+  this.changed = true;
   this.updateSearch_();
 }
 
 /**
  * Receiver for history query.
  * @param {String} term The search term that the results are for.
  * @param {Array} results A list of results
  */
 HistoryModel.prototype.addResults = function(term, results) {
   this.inFlight_ = false;
@@ skipping 211 matching lines @@
  */
 HistoryView.prototype.onModelReady = function() {
   this.displayResults_();
 }
 
 // HistoryView, private: ------------------------------------------------------
 /**
  * Update the page with results.
  */
 HistoryView.prototype.displayResults_ = function() {
-  var output = [];
+  this.resultDiv_.innerHTML = '';
+
   var results = this.model_.getNumberedRange(
       this.pageIndex_ * RESULTS_PER_PAGE,
       this.pageIndex_ * RESULTS_PER_PAGE + RESULTS_PER_PAGE);
 
   if (this.model_.getSearchText()) {
-    output.push('<table class="results" cellspacing="0" ',
-                'cellpadding="0" border="0">');
+    var resultTable = createElementWithClassName('table', 'results');
+    resultTable.cellSpacing = 0;
+    resultTable.cellPadding = 0;
+    resultTable.border = 0;
+
     for (var i = 0, page; page = results[i]; i++) {
-      output.push(page.getSearchResultHTML());
+      resultTable.appendChild(page.getSearchResultDOM());
     }
-    output.push('</table>');
+    this.resultDiv_.appendChild(resultTable);
   } else {
     var lastTime = Math.infinity;
     for (var i = 0, page; page = results[i]; i++) {
       // Break across day boundaries and insert gaps for browsing pauses.
       var thisTime = page.time.getTime();
 
       if ((i == 0 && page.continued) || !page.continued) {
-        output.push('<div class="day">' + page.dateRelativeDay);
+        var day = createElementWithClassName('div', 'day');
+        day.appendChild(document.createTextNode(page.dateRelativeDay));
 
-        if (i == 0 && page.continued)
-          output.push(' ' + localStrings.getString('cont'));
+        if (i == 0 && page.continued) {
+          day.appendChild(document.createTextNode(' ' +
+              localStrings.getString('cont')));
+        }
 
-        output.push('<a href="#" class="delete-day" ' +
-                    'onclick="return deleteDay(\'' +
-                    page.time.toString() + '\');">' +
-                    localStrings.getString("deleteday") + '</a>');
-        output.push('</div>');
+        var link = createElementWithClassName('a', 'delete-day');
+        link.href = '#';
+        link.time = page.time.toString();
+        link.onclick = deleteDay;
+        link.appendChild(
+            document.createTextNode(localStrings.getString("deleteday")));
+
+        day.appendChild(link);
+        this.resultDiv_.appendChild(day);
       } else if (lastTime - thisTime > BROWSING_GAP_TIME) {
-        output.push('<div class="gap"></div>');
+        this.resultDiv_.appendChild(createElementWithClassName('div', 'gap'));
       }
       lastTime = thisTime;
 
-      // Draw entry.
-      output.push(page.getBrowseResultHTML());
+      // Add entry.
+      this.resultDiv_.appendChild(page.getBrowseResultDOM());
     }
   }
-  this.resultDiv_.innerHTML = output.join("");
+
   this.displaySummaryBar_();
   this.displayNavBar_();
 }
 
 /**
  * Update the summary bar with descriptive text.
  */
 HistoryView.prototype.displaySummaryBar_ = function() {
   var searchText = this.model_.getSearchText();
   if (searchText != '') {
@@ skipping 129 matching lines @@
   }
 
   return newHash.join("&");
 }
 
 ///////////////////////////////////////////////////////////////////////////////
 // Document Functions:
 /**
  * Window onload handler, sets up the page.
  */
- function load() {
+function load() {
+  $('term').focus();
+
   localStrings = new LocalStrings($('l10n'));
   historyModel = new HistoryModel();
   historyView = new HistoryView(historyModel);
   pageState = new PageState(historyModel, historyView);
 
   // Create default view.
   var hashData = pageState.getHashData();
   historyView.setSearch(hashData.q, hashData.p);
 }
 
@@ skipping 14 matching lines @@
  * @param {number} page The page to set the view to.
  */
 function setPage(page) {
   if (historyView) {
     historyView.setPage(page);
   }
 }
 
 /**
  * Delete a day from history.
+ * TODO: Add UI to indicate that something is happening.
  * @param {number} time A time from the day we wish to delete.
  */
-function deleteDay(time) {
-  if (confirm(localStrings.getString("deletedaywarning")))
-    chrome.send("deleteDay", [time.toString()]);
+function deleteDay() {
+  var time = this.time;
+
+  // Check to see if item is already being deleted.
+  for (var i = 0, deleting; deleting = deleteQueue[i]; i++) {
+    if (deleting == time)
+      return false;
+  }
+
+  if (confirm(localStrings.getString("deletedaywarning"))) {
+    deleteQueue.push(time);
+    deleteNextInQueue();
+  }
+
   return false;
 }
 
+/**
+ * Delete the next item in our deletion queue.
+ */
+function deleteNextInQueue() {
+  if (!deleteInFlight && deleteQueue.length) {
+    deleteInFlight = true;
+    chrome.send("deleteDay", [deleteQueue[0]]);
+  }
+}
+
 ///////////////////////////////////////////////////////////////////////////////
 // Chrome callbacks:
 /**
  * Our history system calls this function with results from searches.
  */
 function historyResult(term, results) {
   historyModel.addResults(term, results);
 }
 
 /**
  * Our history system calls this function when a deletion has finished.
  */
 function deleteComplete() {
   historyView.reload();
+  deleteInFlight = false;
+  if (deleteQueue.length > 1) {
+    deleteQueue = deleteQueue.slice(1, deleteQueue.length);
+    deleteNextInQueue();
+  }
+}
+
+/**
+ * Our history system calls this function if a delete is not ready (e.g.
+ * another delete is in-progress).
+ */
+function deleteFailed() {
+  // The deletion failed - try again later.
+  deleteInFlight = false;
+  setTimeout(deleteNextInQueue, 500);
 }
 </script>
 <style type="text/css">
 body {
   font-family:arial;
   background-color:white;
   color:black;
   font-size:84%;
   margin:10px;
 }
@@ skipping 52 matching lines @@
 }
 .entry .title {
   max-width:600px;
   overflow: hidden;
   white-space: nowrap;
   text-overflow: ellipsis;
 }
 .results .time, .results .title {
   margin-top:18px;
 }
+.starred {
+  background:url('../../app/theme/star_small.png');
+  background-repeat:no-repeat;
+  display:inline-block;
+  margin-left:12px;
+  width:11px;
+  height:11px;
+}
 .entry .title a {
   background-repeat:no-repeat;
   background-size:16px;
   background-position:0px 1px;
   padding:1px 0px 4px 22px;
 }
 html[dir='rtl'] .entry .title a {
   background-position:right;
   padding-left:0px;
   padding-right:22px;
@@ skipping 39 matching lines @@
   <span id="searchresultsfor" jscontent="searchresultsfor">Search results for '%s'</span>
   <span id="history" jscontent="history">History</span>
   <span id="cont" jscontent="cont">(cont.)</span>
   <span id="noresults" jscontent="noresults">No results</span>
   <span id="noitems" jscontent="noitems">No items</span>
   <span id="deleteday" jscontent="deleteday">Delete history for this day</span>
   <span id="deletedaywarning" jscontent="deletedaywarning">Are you sure you want to delete this day?</span>
 </div>
 </body>
 </html>