Do proper javascript escaping in password_fill

misc/userscripts/password_fill

@@ -60,6 +60,12 @@ die() {
     exit 0
 }
 
+javascript_escape() {
+    # print the first argument in a escaped way, such that it can savely
+    # be used within javascripts double quotes
+    sed "s,[\\\'\"],\\\&,g" <<< "$1"
+}
+
 # ======================================================= #
 # CONFIGURATION
 # ======================================================= #
@@ -313,10 +319,10 @@ cat <<EOF
         for (var j = 0; j < inputs.length; j++) {
             var input = inputs[j];
             if (input.type == "text" || input.type == "email") {
-                input.value = "$username";
+                input.value = "$(javascript_escape "${username}")";
             }
             if (input.type == "password") {
-                input.value = "${password//\"/\\\"}";
+                input.value = "$(javascript_escape "${password}")";
             }
         }
     };