AK: Replace the mutable String::replace API with an immutable version

This removes the awkward String::replace API which was the only String
API which mutated the String and replaces it with a new immutable
version that returns a new String with the replacements applied. This
also fixes a couple of UAFs that were caused by the use of this API.

As an optimization an equivalent StringView::replace API was also added
to remove an unnecessary String allocations in the format of:
`String { view }.replace(...);`

Userland/Libraries/LibJS/Parser.h

@@ -117,11 +117,7 @@ public:
                 return {};
             // We need to modify the source to match what the lexer considers one line - normalizing
             // line terminators to \n is easier than splitting using all different LT characters.
-            String source_string { source };
-            source_string.replace("\r\n", "\n");
-            source_string.replace("\r", "\n");
-            source_string.replace(LINE_SEPARATOR_STRING, "\n");
-            source_string.replace(PARAGRAPH_SEPARATOR_STRING, "\n");
+            String source_string = source.replace("\r\n", "\n").replace("\r", "\n").replace(LINE_SEPARATOR_STRING, "\n").replace(PARAGRAPH_SEPARATOR_STRING, "\n");
             StringBuilder builder;
             builder.append(source_string.split_view('\n', true)[position.value().line - 1]);
             builder.append('\n');

Userland/Libraries/LibJS/Runtime/RegExpPrototype.cpp

@@ -84,12 +84,7 @@ static String escape_regexp_pattern(const RegExpObject& regexp_object)
     if (pattern.is_empty())
         return "(?:)";
     // FIXME: Check u flag and escape accordingly
-    pattern.replace("\n", "\\n", true);
-    pattern.replace("\r", "\\r", true);
-    pattern.replace(LINE_SEPARATOR_STRING, "\\u2028", true);
-    pattern.replace(PARAGRAPH_SEPARATOR_STRING, "\\u2029", true);
-    pattern.replace("/", "\\/", true);
-    return pattern;
+    return pattern.replace("\n", "\\n", true).replace("\r", "\\r", true).replace(LINE_SEPARATOR_STRING, "\\u2028", true).replace(PARAGRAPH_SEPARATOR_STRING, "\\u2029", true).replace("/", "\\/", true);
 }
 
 // 22.2.5.2.3 AdvanceStringIndex ( S, index, unicode ), https://tc39.es/ecma262/#sec-advancestringindex

Userland/Libraries/LibJS/Runtime/StringPrototype.cpp

@@ -1141,11 +1141,10 @@ static Value create_html(GlobalObject& global_object, Value string, const String
         auto value_string = value.to_string(global_object);
         if (vm.exception())
             return {};
-        value_string.replace("\"", """, true);
         builder.append(' ');
         builder.append(attribute);
         builder.append("=\"");
-        builder.append(value_string);
+        builder.append(value_string.replace("\"", """, true));
         builder.append('"');
     }
     builder.append('>');

Userland/Libraries/LibJS/Token.cpp

@@ -207,10 +207,7 @@ String Token::string_value(StringValueStatus& status) const
 // 12.8.6.2 Static Semantics: TRV, https://tc39.es/ecma262/multipage/ecmascript-language-lexical-grammar.html#sec-static-semantics-trv
 String Token::raw_template_value() const
 {
-    String base = value().to_string();
-    base.replace("\r\n", "\n", true);
-    base.replace("\r", "\n", true);
-    return base;
+    return value().replace("\r\n", "\n", true).replace("\r", "\n", true);
 }
 
 bool Token::bool_value() const