Fix problem with unsafe use of String.prototype.replace()

We were using `String.prototype.replace()` without addressing the
wrinkle that dollar signs in the replacement string have special
handling. This caused problems in situations where the replacement
string is derived from user input and contains dollar signs.

Fixes #2517

core/modules/utils/utils.js

@@ -19,6 +19,15 @@ exports.warning = function(text) {
 	console.log($tw.node ? "\x1b[1;33m" + text + "\x1b[0m" : text);
 };
 
+/*
+Repeatedly replaces a substring within a string. Like String.prototype.replace, but without any of the default special handling of $ sequences in the replace string
+*/
+exports.replaceString = function(text,search,replace) {
+	return text.replace(search,function() {
+		return replace;
+	});
+};
+
 /*
 Repeats a string
 */