Use script() for <script>

2018-01-12 15:27:44 +01:00 · 2018-01-12 15:27:44 +01:00 · e645693147
parent 12fbfc9847
commit e645693147
21 changed files with 69 additions and 64 deletions
--- a/adminer/create.inc.php
+++ b/adminer/create.inc.php
@ -163,7 +163,7 @@ foreach ($engines as $engine) {
 <p>
 <?php if (support("columns") || $TABLE == "") { ?>
 <?php echo lang('Table name'); ?>: <input name="name" maxlength="64" value="<?php echo h($row["name"]); ?>" autocapitalize="off">
-<?php if ($TABLE == "" && !$_POST) { ?><script>focus(qs('#form')['name']);</script><?php } ?>
+<?php if ($TABLE == "" && !$_POST) { echo script("focus(qs('#form')['name']);"); } ?>
 <?php echo ($engines ? "<select name='Engine' onchange='helpClose();'" . on_help("getTarget(event).value", 1) . ">" . optionlist(array("" => "(" . lang('engine') . ")") + $engines, $row["Engine"]) . "</select>" : ""); ?>
 <?php echo ($collations && !preg_match("~sqlite|mssql~", $jush) ? html_select("Collation", array("" => "(" . lang('collation') . ")") + $collations, $row["Collation"]) : ""); ?>
 <input type="submit" value="<?php echo lang('Save'); ?>">
@ -187,7 +187,7 @@ edit_fields($row["fields"], $collations, "TABLE", $foreign_keys, $comments);
 <p>
 <?php echo lang('Auto Increment'); ?>: <input type="number" name="Auto_increment" size="6" value="<?php echo h($row["Auto_increment"]); ?>">
 <?php echo checkbox("defaults", 1, true, lang('Default values'), "columnShow(this.checked, 5)", "jsonly"); ?>
-<?php if (!$_POST["defaults"]) { ?><script>editingHideDefaults()</script><?php } ?>
+<?php if (!$_POST["defaults"]) { echo script("editingHideDefaults();"); } ?>
 <?php echo (support("comment")
 	? "<label><input type='checkbox' name='comments' value='1' class='jsonly' onclick=\"columnShow(this.checked, 6); toggle('Comment'); if (this.checked) this.form['Comment'].focus();\"" . ($comments ? " checked" : "") . ">" . lang('Comment') . "</label>"
 		. ' <input name="Comment" id="Comment" value="' . h($row["Comment"]) . '" maxlength="' . ($connection->server_info >= 5.5 ? 2048 : 60) . '"' . ($comments ? '' : ' class="hidden"') . '>'
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@ -65,8 +65,8 @@ echo ($_POST["add_x"] || strpos($name, "\n")
 	'sql' => "charset-charsets.html",
 	'mssql' => "ms187963.aspx",
 )) : "");
+echo script("focus(qs('#name'));");
 ?>
-<script>focus(qs('#name'));</script>
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php
 if (DB != "") {
--- a/adminer/db.inc.php
+++ b/adminer/db.inc.php
@ -64,7 +64,7 @@ if ($adminer->homepage()) {
 			}
 			$doc_link = doc_link(array('sql' => 'show-table-status.html'));
 			echo "<table cellspacing='0' class='nowrap checkable'>\n";
-			echo "<script>mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});</script>\n";
+			echo script("mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});");
 			echo '<thead><tr class="wrap"><td><input id="check-all" type="checkbox" onclick="formCheck.call(this, /^(tables|views)\[/);" class="jsonly">';
 			echo '<th>' . lang('Table');
 			echo '<td>' . lang('Engine') . doc_link(array('sql' => 'storage-engines.html'));
@ -141,7 +141,7 @@ if ($adminer->homepage()) {
 				echo "</div></fieldset>\n";
 			}
 			echo "</form>\n";
-			echo "<script>tableCheck();</script>\n";
+			echo script("tableCheck();");
 		}

 		echo '<p class="links"><a href="' . h(ME) . 'create=">' . lang('Create table') . "</a>\n";
@ -222,7 +222,7 @@ if ($adminer->homepage()) {
 		}

 		if ($tables_list) {
-			echo "<script>ajaxSetHtml('" . js_escape(ME) . "script=db');</script>\n";
+			echo script("ajaxSetHtml('" . js_escape(ME) . "script=db');");
 		}
 	}
 }
--- a/adminer/dump.inc.php
+++ b/adminer/dump.inc.php
@ -189,7 +189,7 @@ if (DB != "") {
 	echo $views;

 	if ($tables_list) {
-		echo "<script>ajaxSetHtml('" . js_escape(ME) . "script=db');</script>\n";
+		echo script("ajaxSetHtml('" . js_escape(ME) . "script=db');");
 	}

 } else {
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@ -100,10 +100,8 @@ class Adminer {
 <tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
 <tr><th><?php echo lang('Database'); ?><td><input name="auth[db]" value="<?php echo h($_GET["db"]); ?>" autocapitalize="off">
 </table>
-<script>
-focus(qs('#username'));
-</script>
 <?php
+		echo script("focus(qs('#username'));"); 
 		echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
 		echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 	}
@ -336,7 +334,7 @@ focus(qs('#username'));
 			if ($index["type"] == "FULLTEXT") {
 				echo "(<i>" . implode("</i>, <i>", array_map('h', $index["columns"])) . "</i>) AGAINST";
 				echo " <input type='search' name='fulltext[$i]' value='" . h($_GET["fulltext"][$i]) . "'>";
-				echo "<script>qsl('input').onchange = selectFieldChange;</script>";
+				echo script("qsl('input').onchange = selectFieldChange;", "");
 				echo checkbox("boolean[$i]", 1, isset($_GET["boolean"][$i]), "BOOL");
 				echo "<br>\n";
 			}
@ -383,7 +381,7 @@ focus(qs('#username'));
 	function selectLimitPrint($limit) {
 		echo "<fieldset><legend>" . lang('Limit') . "</legend><div>"; // <div> for easy styling
 		echo "<input type='number' name='limit' class='size' value='" . h($limit) . "'>";
-		echo "<script>qsl('input').onchange = selectFieldChange;</script>";
+		echo script("qsl('input').onchange = selectFieldChange;", "");
 		echo "</div></fieldset>\n";
 	}

@ -585,7 +583,7 @@ focus(qs('#username'));
 		}
 		$history[$_GET["db"]][] = array($query, time(), $time); // not DB - $_GET["db"] is changed in database.inc.php //! respect $_GET["ns"]
 		return " <span class='time'>" . @date("H:i:s") . "</span>" // @ - time zone may be not set
-			. " <a href='#$id'>" . lang('SQL command') . "</a><script>qsl('a').onclick = partial(toggle, '$id');</script>"
+			. " <a href='#$id'>" . lang('SQL command') . "</a>" . script("qsl('a').onclick = partial(toggle, '$id');", "")
 			. "<div id='$id' class='hidden'><pre><code class='jush-$jush'>" . shorten_utf8($query, 1000) . '</code></pre>'
 			. ($time ? " <span class='time'>($time)</span>" : '')
 			. (support("sql") ? '<p><a href="' . h(str_replace("db=" . urlencode(DB), "db=" . urlencode($_GET["db"]), ME) . 'sql=&history=' . (count($history[$_GET["db"]]) - 1)) . '">' . lang('Edit') . '</a>' : '')
@ -861,7 +859,7 @@ focus(qs('#username'));
 					foreach ($usernames as $username => $password) {
 						if ($password !== null) {
 							if ($first) {
-								echo "<p id='logins'><script>mixin(qs('#logins'), {onmouseover: menuOver, onmouseout: menuOut});</script>\n";
+								echo "<p id='logins'>" . script("mixin(qs('#logins'), {onmouseover: menuOver, onmouseout: menuOut});");
 								$first = false;
 							}
 							$dbs = $_SESSION["db"][$vendor][$server][$username];
@ -933,7 +931,7 @@ bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info,
 <p id="dbs">
 <?php
 		hidden_fields_get();
-		$db_events = "<script>mixin(qsl('select'), {onmousedown: dbMouseDown, onchange: dbChange});</script>";
+		$db_events = script("mixin(qsl('select'), {onmousedown: dbMouseDown, onchange: dbChange});", "");
 		echo "<span title='" . lang('database') . "'>DB</span>: " . ($databases
 			? "<select name='db'>" . optionlist(array("" => "") + $databases, DB) . "</select>$db_events"
 			: '<input name="db" value="' . h(DB) . '" autocapitalize="off">'
@ -960,7 +958,7 @@ bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info,
 	* @return null
 	*/
 	function tablesPrint($tables) {
-		echo "<ul id='tables'><script>mixin(qs('#tables'), {onmouseover: menuOver, onmouseout: menuOut});</script>\n";
+		echo "<ul id='tables'>" . script("mixin(qs('#tables'), {onmouseover: menuOver, onmouseout: menuOut});");
 		foreach ($tables as $table => $status) {
 			echo '<li><a href="' . h(ME) . 'select=' . urlencode($table) . '"' . bold($_GET["select"] == $table || $_GET["edit"] == $table, "select") . ">" . lang('select') . "</a> ";
 			$name = $this->tableName($status);
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@ -30,13 +30,13 @@ function connect_error() {
 			$collations = collations();
 			echo "<form action='' method='post'>\n";
 			echo "<table cellspacing='0' class='checkable'>\n";
-			echo "<script>mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});</script>\n";
+			echo script("mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});");
 			echo "<thead><tr>"
 				. (support("database") ? "<td>&nbsp;" : "")
 				. "<th>" . lang('Database') . " - <a href='" . h(ME) . "refresh=1'>" . lang('Refresh') . "</a>"
 				. "<td>" . lang('Collation')
 				. "<td>" . lang('Tables')
-				. "<td>" . lang('Size') . " - <a href='" . h(ME) . "dbsize=1'>" . lang('Compute') . "</a><script>qsl('a').onclick = partial(ajaxSetHtml, '" . js_escape(ME) . "script=connect');</script>"
+				. "<td>" . lang('Size') . " - <a href='" . h(ME) . "dbsize=1'>" . lang('Compute') . "</a>" . script("qsl('a').onclick = partial(ajaxSetHtml, '" . js_escape(ME) . "script=connect');", "")
 				. "</thead>\n"
 			;
 			
@ -57,12 +57,12 @@ function connect_error() {
 			echo "</table>\n";
 			echo (support("database")
 				? "<fieldset><legend>" . lang('Selected') . " <span id='selected'></span></legend><div>\n"
-					. "<input type='hidden' name='all' value=''><script>qsl('input').onclick = function () { selectCount('selected', formChecked(this, /^db/)); };</script>\n" // used by trCheck()
+					. "<input type='hidden' name='all' value=''>" . script("qsl('input').onclick = function () { selectCount('selected', formChecked(this, /^db/)); };") // used by trCheck()
 					. "<input type='submit' name='drop' value='" . lang('Drop') . "'>" . confirm() . "\n"
 					. "</div></fieldset>\n"
 				: ""
 			);
-			echo "<script>tableCheck();</script>\n";
+			echo script("tableCheck();");
 			echo "<input type='hidden' name='token' value='$token'>\n";
 			echo "</form>\n";
 		}
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@ -151,6 +151,6 @@ function page_footer($missing = "") {
 <div id="menu">
 <?php $adminer->navigation($missing); ?>
 </div>
-<script>setupSubmitHighlight(document);</script>
 <?php
+	echo script("setupSubmitHighlight(document);");
 }
--- a/adminer/include/editing.inc.php
+++ b/adminer/include/editing.inc.php
@ -253,7 +253,7 @@ function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = arra
 <td id="label-default"><?php echo lang('Default value'); ?>
 <?php echo (support("comment") ? "<td id='label-comment'" . ($comments ? "" : " class='hidden'") . ">" . lang('Comment') : ""); ?>
 <?php } ?>
-<td><?php echo "<input type='image' class='icon' name='add[" . (support("move_col") ? 0 : count($fields)) . "]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>"; ?><script>row_count = <?php echo count($fields); ?>;</script>
+<td><?php echo "<input type='image' class='icon' name='add[" . (support("move_col") ? 0 : count($fields)) . "]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>" . script("row_count = " . count($fields) . ";"); ?>
 </thead>
 <tbody onkeydown="return editingKeydown(event);">
 <?php
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@ -81,6 +81,15 @@ function charset($connection) {
 	return (version_compare($connection->server_info, "5.5.3") >= 0 ? "utf8mb4" : "utf8"); // SHOW CHARSET would require an extra query
 }

+/** Return <script> element
+* @param string
+* @param string
+* @return string
+*/
+function script($source, $trailing = "\n") {
+	return "<script>$source</script>$newline";
+}
+
 /** Escape for HTML
 * @param string
 * @return string
@ -120,7 +129,7 @@ function checkbox($name, $value, $checked, $label = "", $onclick = "", $class =
 		. ($checked ? " checked" : "")
 		. ($labelled_by ? " aria-labelledby='$labelled_by'" : "")
 		. ">"
-		. ($onclick ? "<script>qsl('input').onclick = function () { $onclick };</script>" : "")
+		. ($onclick ? script("qsl('input').onclick = function () { $onclick };", "") : "")
 	;
 	return ($label != "" || $class ? "<label" . ($class ? " class='$class'" : "") . ">$return" . h($label) . "</label>" : $return);
 }
@ -162,7 +171,7 @@ function html_select($name, $options, $value = "", $onchange = true, $labelled_b
 		return "<select name='" . h($name) . "'"
 			. ($labelled_by ? " aria-labelledby='$labelled_by'" : "")
 			. ">" . optionlist($options, $value) . "</select>"
-			. (is_string($onchange) ? "<script>qsl('select').onchange = function () { $onchange };</script>" : "")
+			. (is_string($onchange) ? script("qsl('select').onchange = function () { $onchange };", "") : "")
 		;
 	}
 	$return = "";
@ -185,7 +194,7 @@ function select_input($attrs, $options, $value = "", $onchange = "", $placeholde
 	return "<$tag$attrs" . ($options
 		? "><option value=''>$placeholder" . optionlist($options, $value, true) . "</select>"
 		: " size='10' value='" . h($value) . "' placeholder='$placeholder'>"
-	) . ($onchange ? "<script>qsl('$tag').onchange = $onchange;</script>" : "");
+	) . ($onchange ? script("qsl('$tag').onchange = $onchange;", "") : "");
 }

 /** Get onclick confirmation
@ -193,7 +202,7 @@ function select_input($attrs, $options, $value = "", $onchange = "", $placeholde
 * @return string
 */
 function confirm($selector = "qsl('input')") {
-	return "<script>$selector.onclick = function () { return confirm('" . lang('Are you sure?') . "'); };</script>";
+	return script("$selector.onclick = function () { return confirm('" . lang('Are you sure?') . "'); };", "");
 }

 /** Print header for hidden fieldset (close by </div></fieldset>)
@ -205,7 +214,7 @@ function confirm($selector = "qsl('input')") {
 function print_fieldset($id, $legend, $visible = false) {
 	echo "<fieldset><legend>";
 	echo "<a href='#fieldset-$id'>$legend</a>";
-	echo "<script>qsl('a').onclick = partial(toggle, 'fieldset-$id');</script>";
+	echo script("qsl('a').onclick = partial(toggle, 'fieldset-$id');", "");
 	echo "</legend>";
 	echo "<div id='fieldset-$id'" . ($visible ? "" : " class='hidden'") . ">\n";
 }
@ -885,7 +894,8 @@ function input($field, $value, $function) {
 		$attrs .= $onchange;
 		$has_function = (in_array($function, $functions) || isset($functions[$function]));
 		echo (count($functions) > 1
-			? "<select name='function[$name]'" . on_help("getTarget(event).value.replace(/^SQL\$/, '')", 1) . ">" . optionlist($functions, $function === null || $has_function ? $function : "") . "</select><script>qsl('select').onchange = functionChange;</script>"
+			? "<select name='function[$name]'" . on_help("getTarget(event).value.replace(/^SQL\$/, '')", 1) . ">" . optionlist($functions, $function === null || $has_function ? $function : "") . "</select>"
+				. script("qsl('select').onchange = functionChange;", "")
 			: nbsp(reset($functions))
 		) . '<td>';
 		$input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table
@ -1236,7 +1246,7 @@ var timeout = setTimeout(function () {
 	flush();
 	$return = @get_key_vals($query, $connection2, $timeout); // @ - may be killed
 	if ($connection2) {
-		echo "<script>clearTimeout(timeout);</script>\n";
+		echo script("clearTimeout(timeout);");
 		ob_flush();
 		flush();
 	}
@ -1390,7 +1400,7 @@ function edit_form($TABLE, $fields, $row, $update) {
 		}
 	}
 	echo ($update ? "<input type='submit' name='delete' value='" . lang('Delete') . "'>" . confirm() . "\n"
-		: ($_POST || !$fields ? "" : "<script>focus(qsa('td', qs('#form'))[1].firstChild);</script>\n")
+		: ($_POST || !$fields ? "" : script("focus(qsa('td', qs('#form'))[1].firstChild);"))
 	);
 	if (isset($_GET["select"])) {
 		hidden_fields(array("check" => (array) $_POST["check"], "clone" => $_POST["clone"], "all" => $_POST["all"]));
--- a/adminer/processlist.inc.php
+++ b/adminer/processlist.inc.php
@ -14,8 +14,8 @@ page_header(lang('Process list'), $error);

 <form action="" method="post">
 <table cellspacing="0" class="nowrap checkable">
-<script>mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});</script>
 <?php
+echo script("mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});");
 // HTML valid because there is always at least one process
 $i = -1;
 foreach (process_list() as $i => $row) {
@ -45,7 +45,7 @@ foreach (process_list() as $i => $row) {
 }
 ?>
 </table>
-<script>tableCheck();</script>
+<?php echo script("tableCheck();"); ?>
 <p>
 <?php
 if (support("kill")) {
--- a/adminer/scheme.inc.php
+++ b/adminer/scheme.inc.php
@ -27,7 +27,7 @@ if (!$row) {

 <form action="" method="post">
 <p><input name="name" id="name" value="<?php echo h($row["name"]); ?>" autocapitalize="off">
-<script>focus(qs('#name'));</script>
+<?php echo script("focus(qs('#name'));"); ?>
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php
 if ($_GET["ns"] != "") {
--- a/adminer/select.inc.php
+++ b/adminer/select.inc.php
@ -298,8 +298,11 @@ if (!$columns && support("table")) {
 			$backward_keys = $adminer->backwardKeys($TABLE, $table_name);

 			echo "<table id='table' cellspacing='0' class='nowrap checkable'>";
-			echo "<script>mixin(qs('#table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true), onkeydown: editingKeydown});</script>\n";
-			echo "<thead><tr>" . (!$group && $select ? "" : "<td><input type='checkbox' id='all-page' class='jsonly'><script>qs('#all-page').onclick = partial(formCheck, /check/);</script> <a href='" . h($_GET["modify"] ? remove_from_uri("modify") : $_SERVER["REQUEST_URI"] . "&modify=1") . "'>" . lang('Modify') . "</a>");
+			echo script("mixin(qs('#table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true), onkeydown: editingKeydown});");
+			echo "<thead><tr>" . (!$group && $select
+				? ""
+				: "<td><input type='checkbox' id='all-page' class='jsonly'>" . script("qs('#all-page').onclick = partial(formCheck, /check/);", "")
+					. " <a href='" . h($_GET["modify"] ? remove_from_uri("modify") : $_SERVER["REQUEST_URI"] . "&modify=1") . "'>" . lang('Modify') . "</a>");
 			$names = array();
 			$functions = array();
 			reset($select);
@ -315,14 +318,14 @@ if (!$columns && support("table")) {
 						$column = idf_escape($key);
 						$href = remove_from_uri('(order|desc)[^=]*|page') . '&order%5B0%5D=' . urlencode($key);
 						$desc = "&desc%5B0%5D=1";
-						echo "<th><script>mixin(qsl('th'), {onmouseover: partial(columnMouse), onmouseout: partial(columnMouse, ' hidden')});</script>";
+						echo "<th>" . script("mixin(qsl('th'), {onmouseover: partial(columnMouse), onmouseout: partial(columnMouse, ' hidden')});", "");
 						echo '<a href="' . h($href . ($order[0] == $column || $order[0] == $key || (!$order && $is_group && $group[0] == $column) ? $desc : '')) . '">'; // $order[0] == $key - COUNT(*)
 						echo apply_sql_function($val["fun"], $name) . "</a>"; //! columns looking like functions
 						echo "<span class='column hidden'>";
 						echo "<a href='" . h($href . $desc) . "' title='" . lang('descending') . "' class='text'> ↓</a>";
 						if (!$val["fun"]) {
 							echo '<a href="#fieldset-search" title="' . lang('Search') . '" class="text jsonly"> =</a>';
-							echo "<script>qsl('a').onclick = partial(selectSearch, '" . h(js_escape($key)) . "');</script>";
+							echo script("qsl('a').onclick = partial(selectSearch, '" . js_escape($key) . "');");
 						}
 						echo "</span>";
 					}
@ -422,7 +425,7 @@ if (!$columns && support("table")) {
 						} else {
 							$long = strpos($val, "<i>...</i>");
 							echo "<td id='$id'>$val</td>";
-							echo "<script>qsl('td').onclick = partialArg(selectClick, " . ($long ? 2 : ($text ? 1 : 0)) . ($editable ? "" : ", '" . h(lang('Use edit link to modify this value.')) . "'") . ");</script>";
+							echo script("qsl('td').onclick = partialArg(selectClick, " . ($long ? 2 : ($text ? 1 : 0)) . ($editable ? "" : ", '" . h(lang('Use edit link to modify this value.')) . "'") . ");", "");
 						}
 					}
 				}
@ -465,7 +468,7 @@ if (!$columns && support("table")) {
 				);
 				if ($jush != "simpledb") {
 					echo '<a href="' . h(remove_from_uri("page")) . '">' . lang('Page') . "</a>:";
-					echo "<script>qsl('a').onclick = function () { pageClick(this.href, +prompt('" . lang('Page') . "', '" . ($page + 1) . "')); return false; };</script>\n";
+					echo script("qsl('a').onclick = function () { pageClick(this.href, +prompt('" . lang('Page') . "', '" . ($page + 1) . "')); return false; };");
 					echo pagination(0, $page) . ($page > 5 ? " ..." : "");
 					for ($i = max(1, $page - 4); $i < min($max_page, $page + 5); $i++) {
 						echo pagination($i, $page);
@ -479,7 +482,7 @@ if (!$columns && support("table")) {
 					}
 					echo (($found_rows === false ? count($rows) + 1 : $found_rows - $page * $limit) > $limit
 						? ' <a href="' . h(remove_from_uri("page") . "&page=" . ($page + 1)) . '" class="loadmore">' . lang('Load more data') . '</a>'
-							. "<script>qsl('a').onclick = partial(selectLoadMore, " . (+$limit) . ", '" . lang('Loading') . "...');</script>"
+							. script("qsl('a').onclick = partial(selectLoadMore, " . (+$limit) . ", '" . lang('Loading') . "...');", "")
 						: ''
 					);
 				} else {
@ -524,7 +527,7 @@ if (!$columns && support("table")) {
 				echo "</div></fieldset>\n";
 			}

-			echo (!$group && $select ? "" : "<script>tableCheck();</script>\n");
+			echo (!$group && $select ? "" : script("tableCheck();"));
 		}

 		if ($adminer->selectImportPrint()) {
--- a/adminer/sql.inc.php
+++ b/adminer/sql.inc.php
@ -208,7 +208,7 @@ if (!isset($_GET["import"])) {
 	}
 	echo "<p>";
 	textarea("query", $q, 20);
-	echo ($_POST ? "" : "<script>qs('textarea').focus();</script>\n");
+	echo ($_POST ? "" : script("qs('textarea').focus();"));
 	echo "<p>$execute\n";
 	echo lang('Limit rows') . ": <input type='number' name='limit' class='size' value='" . h($_POST ? $_POST["limit"] : $_GET["limit"]) . "'>\n";
 	
--- a/adminer/trigger.inc.php
+++ b/adminer/trigger.inc.php
@ -40,7 +40,7 @@ page_header(($name != "" ? lang('Alter trigger') . ": " . h($name) : lang('Creat
 <tr><th><?php echo lang('Type'); ?><td><?php echo html_select("Type", $trigger_options["Type"], $row["Type"]); ?>
 </table>
 <p><?php echo lang('Name'); ?>: <input name="Trigger" value="<?php echo h($row["Trigger"]); ?>" maxlength="64" autocapitalize="off">
-<script>qs('#form')['Timing'].onchange();</script>
+<?php echo script("qs('#form')['Timing'].onchange();"); ?>
 <p><?php textarea("Statement", $row["Statement"]); ?>
 <p>
 <input type="submit" value="<?php echo lang('Save'); ?>">
--- a/adminer/user.inc.php
+++ b/adminer/user.inc.php
@ -135,7 +135,7 @@ if ($_POST) {
 <tr><th><?php echo lang('Server'); ?><td><input name="host" maxlength="60" value="<?php echo h($row["host"]); ?>" autocapitalize="off">
 <tr><th><?php echo lang('Username'); ?><td><input name="user" maxlength="16" value="<?php echo h($row["user"]); ?>" autocapitalize="off">
 <tr><th><?php echo lang('Password'); ?><td><input name="pass" id="pass" value="<?php echo h($row["pass"]); ?>">
-<?php if (!$row["hashed"]) { ?><script>typePassword(qs('#pass'));</script><?php } ?>
+<?php if (!$row["hashed"]) { echo script("typePassword(qs('#pass'));"); } ?>
 <?php echo checkbox("hashed", 1, $row["hashed"], lang('Hashed'), "typePassword(this.form['pass'], this.checked);"); ?>
 </table>

--- a/editor/db.inc.php
+++ b/editor/db.inc.php
@ -8,7 +8,7 @@ if ($adminer->homepage()) {
 		search_tables();
 	}
 	echo "<table cellspacing='0' class='nowrap checkable'>\n";
-	echo "<script>mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});</script>\n";
+	echo script("mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});");
 	echo '<thead><tr class="wrap"><td><input id="check-all" type="checkbox" onclick="formCheck.call(this, /^tables\[/);" class="jsonly"><th>' . lang('Table') . '<td>' . lang('Rows') . "</thead>\n";
 	
 	foreach (table_status() as $table => $row) {
@ -22,6 +22,6 @@ if ($adminer->homepage()) {
 	}
 	
 	echo "</table>\n";
-	echo "<script>tableCheck();</script>\n";
+	echo script("tableCheck();");
 	echo "</form>\n";
 }
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@ -61,10 +61,8 @@ class Adminer {
 <tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="auth[driver]" value="server"><input name="auth[username]" id="username" value="<?php echo h($_GET["username"]); ?>" autocapitalize="off">
 <tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
 </table>
-<script>
-focus(qs('#username'));
-</script>
 <?php
+		echo script("focus(qs('#username'));");
 		echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
 		echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 	}
--- a/plugins/edit-calendar.php
+++ b/plugins/edit-calendar.php
@ -28,7 +28,7 @@ class AdminerEditCalendar {
 			$lang = ($lang == "zh" ? "zh-CN" : ($lang == "zh-tw" ? "zh-TW" : $lang));
 			if ($lang != "en" && file_exists(sprintf($this->langPath, $lang))) {
 				printf("<script src='$this->langPath'></script>\n", $lang);
-				echo "<script>jQuery(function () { jQuery.timepicker.setDefaults(jQuery.datepicker.regional['$lang']); });</script>\n";
+				echo script("jQuery(function () { jQuery.timepicker.setDefaults(jQuery.datepicker.regional['$lang']); });");
 			}
 		}
 	}
@ -37,11 +37,12 @@ class AdminerEditCalendar {
 		if (preg_match("~date|time~", $field["type"])) {
 			$dateFormat = "changeYear: true, dateFormat: 'yy-mm-dd'"; //! yy-mm-dd regional
 			$timeFormat = "showSecond: true, timeFormat: 'HH:mm:ss.lcZ', timeInput: true";
-			return "<input id='fields-" . h($field["field"]) . "' value='" . h($value) . "'" . (@+$field["length"] ? " maxlength='" . (+$field["length"]) . "'" : "") . "$attrs><script>jQuery('#fields-" . js_escape($field["field"]) . "')."
+			return "<input id='fields-" . h($field["field"]) . "' value='" . h($value) . "'" . (@+$field["length"] ? " maxlength='" . (+$field["length"]) . "'" : "") . "$attrs>" . script(
+				"jQuery('#fields-" . js_escape($field["field"]) . "')."
 				. ($field["type"] == "time" ? "timepicker({ $timeFormat })"
-				: (preg_match("~time~", $field["type"]) ? "datetimepicker({ $dateFormat, $timeFormat })"
-				: "datepicker({ $dateFormat })"
-			)) . ";</script>";
+					: (preg_match("~time~", $field["type"]) ? "datetimepicker({ $dateFormat, $timeFormat })"
+						: "datepicker({ $dateFormat })"
+					)) . ";");
 		}
 	}

--- a/plugins/tinymce.php
+++ b/plugins/tinymce.php
@ -68,7 +68,7 @@ tinyMCE.init({

 	function editInput($table, $field, $attrs, $value) {
 		if (preg_match("~text~", $field["type"]) && preg_match("~_html~", $field["field"])) {
-			return "<textarea$attrs id='fields-" . h($field["field"]) . "' rows='12' cols='50'>" . h($value) . "</textarea><script>
+			return "<textarea$attrs id='fields-" . h($field["field"]) . "' rows='12' cols='50'>" . h($value) . "</textarea>" . script("
 tinyMCE.remove(tinyMCE.get('fields-" . js_escape($field["field"]) . "') || { });
 tinyMCE.execCommand('mceAddControl', true, 'fields-" . js_escape($field["field"]) . "');
 qs('#form').onsubmit = function () {
@ -76,7 +76,7 @@ qs('#form').onsubmit = function () {
 		ed.remove();
 	});
 };
-</script>";
+");
 		}
 	}

--- a/plugins/version-noverify.php
+++ b/plugins/version-noverify.php
@ -9,12 +9,7 @@
 class AdminerVersionNoverify {
 	
 	function navigation($missing) {
-		?>
-<script>
-verifyVersion = function () {
-};
-</script>
-<?php
+		echo script("verifyVersion = function () {};");
 	}
 	
 }
--- a/plugins/wymeditor.php
+++ b/plugins/wymeditor.php
@ -55,9 +55,9 @@ class AdminerWymeditor {
 				$lang = get_lang();
 				$lang = ($lang == "zh" || $lang == "zh-tw" ? "zh_cn" : $lang);
 			}
-			return "<textarea$attrs id='fields-" . h($field["field"]) . "' rows='12' cols='50'>" . h($value) . "</textarea><script>
+			return "<textarea$attrs id='fields-" . h($field["field"]) . "' rows='12' cols='50'>" . h($value) . "</textarea>" . script("
 jQuery('#fields-" . js_escape($field["field"]) . "').wymeditor({ updateSelector: '#form [type=\"submit\"]', lang: '$lang'" . ($this->options ? ", $this->options" : "") . " });
-</script>";
+");
 		}
 	}