Merge pull request #34 from iamleppert/escape-single-quote

Escape a single quote apostrophe in escapeHtml
linkedin · May 21, 2012 · a204699 · a204699
2 parents 76e825e + a1caed0
commit a204699
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 7 deletions.
diff --git a/lib/dust.js b/lib/dust.js
@@ -471,18 +471,19 @@ Tap.prototype.go = function(value) {
   return value;
 };
 
-var HCHARS = new RegExp(/[&<>\"]/),
+var HCHARS = new RegExp(/[&<>\"\']/),
     AMP    = /&/g,
     LT     = /</g,
     GT     = />/g,
-    QUOT   = /\"/g;
+    QUOT   = /\"/g,
+    SQUOT  = /\'/g;
 
 dust.escapeHtml = function(s) {
   if (typeof s === "string") {
     if (!HCHARS.test(s)) {
       return s;
     }
-    return s.replace(AMP,'&amp;').replace(LT,'&lt;').replace(GT,'&gt;').replace(QUOT,'&quot;');
+    return s.replace(AMP,'&amp;').replace(LT,'&lt;').replace(GT,'&gt;').replace(QUOT,'&quot;').replace(SQUOT, '&#39;');
   }
   return s;
 };

diff --git a/test/examples.js b/test/examples.js
@@ -84,13 +84,13 @@ exports.dustExamples = [
     name:     "escaped",
     source:   "{safe|s}{~n}{unsafe}",
     context:  { safe: "<script>alert('Hello!')</script>", unsafe: "<script>alert('Goodbye!')</script>" },
-    expected: "<script>alert('Hello!')</script>\n&lt;script&gt;alert('Goodbye!')&lt;/script&gt;"
+    expected: "<script>alert('Hello!')</script>\n&lt;script&gt;alert(&#39;Goodbye!&#39;)&lt;/script&gt;"
   },
   {
     name:     "escape_pragma",
     source:   "{%esc:s}\n  {unsafe}{~n}\n  {%esc:h}\n    {unsafe}\n  {/esc}\n{/esc}",
     context:  { unsafe: "<script>alert('Goodbye!')</script>" },
-    expected: "<script>alert('Goodbye!')</script>\n&lt;script&gt;alert('Goodbye!')&lt;/script&gt;"
+    expected: "<script>alert('Goodbye!')</script>\n&lt;script&gt;alert(&#39;Goodbye!&#39;)&lt;/script&gt;"
   },
   {
     name:     "else_block",

diff --git a/test/jasmine-test/spec/examples.js b/test/jasmine-test/spec/examples.js
@@ -115,14 +115,14 @@ var dustExamples = [
     name:     "escaped",
     source:   "{safe|s}{~n}{unsafe}",
     context:  { safe: "<script>alert('Hello!')</script>", unsafe: "<script>alert('Goodbye!')</script>" },
-    expected: "<script>alert('Hello!')</script>\n&lt;script&gt;alert('Goodbye!')&lt;/script&gt;",
+    expected: "<script>alert('Hello!')</script>\n&lt;script&gt;alert(&#39;Goodbye!&#39;)&lt;/script&gt;",
     message: "should test escaped characters"
   },
   {
     name:     "escape_pragma",
     source:   "{%esc:s}\n  {unsafe}{~n}\n  {%esc:h}\n    {unsafe}\n  {/esc}\n{/esc}",
     context:  { unsafe: "<script>alert('Goodbye!')</script>" },
-    expected: "<script>alert('Goodbye!')</script>\n&lt;script&gt;alert('Goodbye!')&lt;/script&gt;",
+    expected: "<script>alert('Goodbye!')</script>\n&lt;script&gt;alert(&#39;Goodbye!&#39;)&lt;/script&gt;",
     message: "should test escape_pragma"
   },
   {