src/hg/hgCollection/hgCollection.c d0e307bce55e3d3a02252ad9fdac0375e1e0893b

d0e307bce55e3d3a02252ad9fdac0375e1e0893b
braney
  Wed Mar 7 22:26:14 2018 -0800
escape single quotes in strings in the JSON that contains the trackDb
contents

diff --git src/hg/hgCollection/hgCollection.c src/hg/hgCollection/hgCollection.c
index 192ef6a..32c620e 100644
--- src/hg/hgCollection/hgCollection.c
+++ src/hg/hgCollection/hgCollection.c
@@ -73,53 +73,73 @@
         {
         hashStore(nameHash, buffer);
         return cloneString(buffer);
         }
     }
 
 return NULL;
 }
 
 static boolean trackCanBeAdded(struct trackDb *tdb)
 // are we allowing this track into a custom composite
 {
 return  (tdb->subtracks == NULL) && !startsWith("wigMaf",tdb->type) &&  (startsWith("wig",tdb->type) || startsWith("bigWig",tdb->type) || startsWith("bedGraph",tdb->type)) ;
 }
 
+static char *escapeLabel(char *label)
+// put a blackslash in front of any single quotes in the input
+{
+char buffer[4096], *eptr = buffer;
+for(; *label; label++)
+    {
+    if (*label == '\'')
+        {
+        *eptr++ = '\\';
+        *eptr++ = '\'';
+        }
+    else
+        *eptr++ = *label;
+    }
+
+*eptr = 0;
+
+return cloneString(buffer);
+}
+
 static void printTrack(char *parent, struct trackDb *tdb,  boolean user)
 // output list elements for a group
 {
 char *userString = "";
 char *title;
 
 if (user)
     title = COLLECTIONTITLE;
 else if (tdb->subtracks)
     title = FOLDERTITLE;
 else
     title = TRACKTITLE;
 
 if (tdb->subtracks)
     userString = "icon:'../images/folderC.png',children:true,";
 else if (user)
     userString = "icon:'fa fa-minus-square',";
 else
     userString = "icon:'fa fa-plus',";
     
 #define IMAKECOLOR_32(r,g,b) ( ((unsigned int)b<<0) | ((unsigned int)g << 8) | ((unsigned int)r << 16))
 
-jsInlineF("{%s id:'%s',li_attr:{title:'%s',shortlabel:'%s', longlabel:'%s',color:'#%06x',name:'%s'},text:'%s (%s)',parent:'%s'}",userString, trackHubSkipHubName(tdb->track),title, tdb->shortLabel, tdb->longLabel, IMAKECOLOR_32(tdb->colorR,tdb->colorG,tdb->colorB),trackHubSkipHubName(tdb->track),tdb->shortLabel,tdb->longLabel,parent);
+jsInlineF("{%s id:'%s',li_attr:{title:'%s',shortlabel:'%s', longlabel:'%s',color:'#%06x',name:'%s'},text:'%s (%s)',parent:'%s'}",userString, trackHubSkipHubName(tdb->track),title, escapeLabel(tdb->shortLabel), escapeLabel(tdb->longLabel), IMAKECOLOR_32(tdb->colorR,tdb->colorG,tdb->colorB),trackHubSkipHubName(tdb->track),escapeLabel(tdb->shortLabel),escapeLabel(tdb->longLabel),parent);
 }
 
 static void outHubHeader(FILE *f, char *db)
 // output a track hub header
 {
 fprintf(f,"hub hub1\n\
 shortLabel Track Collections\n\
 longLabel Track Collections\n\
 useOneFile on\n\
 email genome-www@soe.ucsc.edu\n\n");
 fprintf(f,"genome %s\n\n", db);  
 }
 
 
 static char *getHubName(struct cart *cart, char *db)