Merge pull request #198 from codekitchen/master
properly handle ampersands when HTML escaping
This commit is contained in:
@@ -22,6 +22,7 @@ Handlebars.SafeString.prototype.toString = function() {
|
||||
|
||||
(function() {
|
||||
var escape = {
|
||||
"&": "&",
|
||||
"<": "<",
|
||||
">": ">",
|
||||
'"': """,
|
||||
@@ -29,7 +30,7 @@ Handlebars.SafeString.prototype.toString = function() {
|
||||
"`": "`"
|
||||
};
|
||||
|
||||
var badChars = /&(?!\w+;)|[<>"'`]/g;
|
||||
var badChars = /[&<>"'`]/g;
|
||||
var possible = /[&<>"'`]/;
|
||||
|
||||
var escapeChar = function(chr) {
|
||||
|
||||
@@ -123,6 +123,8 @@ test("escaping expressions", function() {
|
||||
shouldCompileTo("{{awesome}}", {awesome: "&\"'`\\<>"}, '&"'`\\<>',
|
||||
"by default expressions should be escaped");
|
||||
|
||||
shouldCompileTo("{{awesome}}", {awesome: "Escaped, <b> looks like: <b>"}, 'Escaped, <b> looks like: &lt;b&gt;',
|
||||
"escaping should properly handle amperstands");
|
||||
});
|
||||
|
||||
test("functions returning safestrings shouldn't be escaped", function() {
|
||||
|
||||
Reference in New Issue
Block a user