Fix injection vulnerability in Block Factories.

Fixes issue #756.

demos/blockfactory/factory_utils.js

@@ -902,9 +902,9 @@ FactoryUtils.defineAndGetBlockTypes = function(blockDefsString, format) {
 FactoryUtils.injectCode = function(code, id) {
   var pre = document.getElementById(id);
   pre.textContent = code;
-  code = pre.textContent;
-  code = PR.prettyPrintOne(code, 'js');
-  pre.innerHTML = code;
+  // Remove the 'prettyprinted' class, so that Prettify will recalculate.
+  pre.className = pre.className.replace('prettyprinted', '');
+  PR.prettyPrint();
 };
 
 /**

demos/blockfactory/index.html

@@ -124,11 +124,11 @@
       <h3>Export Preview</h3>
       <div id="blockDefs" class="exportPreviewTextArea">
         <p id="blockDefs_label">Block Definitions:</p>
-        <pre id="blockDefs_textArea"></pre>
+        <pre id="blockDefs_textArea" class="prettyprint lang-js"></pre>
       </div>
       <div id="genStubs" class="exportPreviewTextArea">
         <p id="genStubs_label">Generator Stubs:</p>
-        <pre id="genStubs_textArea"></pre>
+        <pre id="genStubs_textArea" class="prettyprint lang-js"></pre>
       </div>
     </div>
   </div>
@@ -378,7 +378,7 @@
           </tr>
           <tr>
             <td height="30%">
-              <pre id="languagePre"></pre>
+              <pre id="languagePre" class="prettyprint lang-js"></pre>
               <textarea id="languageTA"></textarea>
             </td>
           </tr>
@@ -397,7 +397,7 @@
           </tr>
           <tr>
             <td height="30%">
-              <pre id="generatorPre"></pre>
+              <pre id="generatorPre" class="prettyprint lang-js"></pre>
             </td>
           </tr>
         </table>

demos/blockfactory_old/factory.js

@@ -748,9 +748,9 @@ function updatePreview() {
 function injectCode(code, id) {
   var pre = document.getElementById(id);
   pre.textContent = code;
-  code = pre.textContent;
-  code = PR.prettyPrintOne(code, 'js');
-  pre.innerHTML = code;
+  // Remove the 'prettyprinted' class, so that Prettify will recalculate.
+  pre.className = pre.className.replace('prettyprinted', '');
+  PR.prettyPrint();
 }
 
 /**

demos/blockfactory_old/index.html

@@ -148,7 +148,7 @@
           </tr>
           <tr>
             <td height="30%">
-              <pre id="languagePre"></pre>
+              <pre id="languagePre" class="prettyprint lang-js"></pre>
               <textarea id="languageTA"></textarea>
             </td>
           </tr>
@@ -167,7 +167,7 @@
           </tr>
           <tr>
             <td height="30%">
-              <pre id="generatorPre"></pre>
+              <pre id="generatorPre" class="prettyprint lang-js"></pre>
             </td>
           </tr>
         </table>