/*
send_note function from netspace.org
*/

  // HTML entity encode string (only the basic & < > " are encoded)
  function HTML_entity_encode(str) {
    str.replace(/&/g,  '&amp;');
    str.replace(/</g,  '&lt;');
    str.replace(/>/g,  '&gt;');
    str.replace(/\"/g, '&quot;'); 
    return str;
  }

  // Build associative array with all name and value pairs in 'GET' query string
  // Note: keys are stored unencoded, so do not use them as vars in the printed
  //   HTML or else you are cross-site scripting vulnerable.  Also, when keys or
  //   values are used in URLs, the raw value should be URL percent encoded.
  function parse_query_string() {
    // get query string and replace '+' with ' ' b/c unescape() does not do that
    var query_string = location.href.substring(location.href.indexOf('?') + 1);
    query_string.replace(/\+/g, ' ');
    // split query string into array of key=value strings
    var pairs = query_string.split('&');
  
    // separator for multiple select values 
    var separator = ',';
    // create hash of key/value pairs.
    //   Values are arrays of (raw value and HTML entity encoded raw value)
    var j, key, val;
    var query_hash = new Array;
    for (var i=0; i < pairs.length; i++) {
        j = pairs[i].indexOf('=');
        if (j == -1) {
            key = unescape(pairs[i]);
	    val = '';
        }
        else {
            key = unescape(pairs[i].substring(0,j));
            val = unescape(pairs[i].substring(j+1));
        }

        if (query_hash[key] == null)
            query_hash[key] = new Array(val, HTML_entity_encode(val));
        else {
            query_hash[key][0] += separator + val;
            query_hash[key][1] += separator + HTML_entity_encode(val);
        }
    }
    return query_hash;
  }
  var query = parse_query_string();