Merge pull request #198 from codekitchen/master

properly handle ampersands when HTML escaping
This commit is contained in:
Yehuda Katz
2012-09-14 20:48:40 -07:00
2 changed files with 4 additions and 1 deletions
+2 -1
View File
@@ -22,6 +22,7 @@ Handlebars.SafeString.prototype.toString = function() {
(function() {
var escape = {
"&": "&",
"<": "&lt;",
">": "&gt;",
'"': "&quot;",
@@ -29,7 +30,7 @@ Handlebars.SafeString.prototype.toString = function() {
"`": "&#x60;"
};
var badChars = /&(?!\w+;)|[<>"'`]/g;
var badChars = /[&<>"'`]/g;
var possible = /[&<>"'`]/;
var escapeChar = function(chr) {
+2
View File
@@ -123,6 +123,8 @@ test("escaping expressions", function() {
shouldCompileTo("{{awesome}}", {awesome: "&\"'`\\<>"}, '&amp;&quot;&#x27;&#x60;\\&lt;&gt;',
"by default expressions should be escaped");
shouldCompileTo("{{awesome}}", {awesome: "Escaped, <b> looks like: &lt;b&gt;"}, 'Escaped, &lt;b&gt; looks like: &amp;lt;b&amp;gt;',
"escaping should properly handle amperstands");
});
test("functions returning safestrings shouldn't be escaped", function() {