From a01deb1b1a112d23589289e7ed491295b7611b85 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 23 Mar 2008 14:55:26 +0000
Subject: [PATCH] - Ported a missing Drupal 6.1 security fix.

---
 misc/drupal.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/misc/drupal.js b/misc/drupal.js
index 04dd70c6634..50498d87397 100644
--- a/misc/drupal.js
+++ b/misc/drupal.js
@@ -51,7 +51,8 @@ Drupal.checkPlain = function(str) {
   str = String(str);
   var replace = { '&': '&amp;', '"': '&quot;', '<': '&lt;', '>': '&gt;' };
   for (var character in replace) {
-    str = str.replace(character, replace[character]);
+    var regex = new RegExp(character, 'g');
+    str = str.replace(regex, replace[character]);
   }
   return str;
 };