diff --git a/lib/dust.js b/lib/dust.js
index c5d72256..a0e17851 100644
--- a/lib/dust.js
+++ b/lib/dust.js
@@ -471,18 +471,19 @@ Tap.prototype.go = function(value) {
return value;
};
-var HCHARS = new RegExp(/[&<>\"]/),
+var HCHARS = new RegExp(/[&<>\"\']/),
AMP = /&/g,
LT = //g,
- QUOT = /\"/g;
+ QUOT = /\"/g,
+ SQUOT = /\'/g;
dust.escapeHtml = function(s) {
if (typeof s === "string") {
if (!HCHARS.test(s)) {
return s;
}
- return s.replace(AMP,'&').replace(LT,'<').replace(GT,'>').replace(QUOT,'"');
+ return s.replace(AMP,'&').replace(LT,'<').replace(GT,'>').replace(QUOT,'"').replace(SQUOT, ''');
}
return s;
};
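Review bot: `dust.escapeHtml` still returns every non-string value untouched (the `typeof s === "string"` guard falls through to the final `return s;`), so the new single-quote escape, like the existing four, is skipped for an array or object whose string form contains markup. If the renderer later stringifies such a value into the output (not visible in this hunk, so worth confirming), a context value such as the constructed sample `["<b>"]` would reach the page unescaped. Consider coercing at the top of the function, for example `if (s && typeof s === "object") { s = String(s); }`, after checking that no caller relies on getting the original object back from the filter. A fixture with an array-valued context entry would pin this down.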
diff --git a/test/examples.js b/test/examples.js
index 6fc97bd8..f4e9cd42 100644
--- a/test/examples.js
+++ b/test/examples.js
@@ -84,13 +84,13 @@ exports.dustExamples = [
name: "escaped",
source: "{safe|s}{~n}{unsafe}",
context: { safe: "", unsafe: "" },
- expected: "\n<script>alert('Goodbye!')</script>"
+ expected: "\n<script>alert('Goodbye!')</script>"
},
{
name: "escape_pragma",
source: "{%esc:s}\n {unsafe}{~n}\n {%esc:h}\n {unsafe}\n {/esc}\n{/esc}",
context: { unsafe: "" },
- expected: "\n<script>alert('Goodbye!')</script>"
+ expected: "\n<script>alert('Goodbye!')</script>"
},
{
name: "else_block",
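Review bot: The single-quote escape is only exercised as a side effect of the existing `alert('Goodbye!')` payload in the `escaped` and `escape_pragma` cases; no fixture pins the context where an unescaped `'` matters most, a value interpolated inside a single-quoted attribute. Consider adding a case along the lines of the constructed sample `source: "<a title='{val}'>"` with a context value containing `'`, asserting that the quote is emitted as an entity and the attribute stays closed. The same gap applies to the matching hunk in test/jasmine-test/spec/examples.js.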
diff --git a/test/jasmine-test/spec/examples.js b/test/jasmine-test/spec/examples.js
index f9dfbda2..667608a3 100644
--- a/test/jasmine-test/spec/examples.js
+++ b/test/jasmine-test/spec/examples.js
@@ -115,14 +115,14 @@ var dustExamples = [
name: "escaped",
source: "{safe|s}{~n}{unsafe}",
context: { safe: "", unsafe: "" },
- expected: "\n<script>alert('Goodbye!')</script>",
+ expected: "\n<script>alert('Goodbye!')</script>",
message: "should test escaped characters"
},
{
name: "escape_pragma",
source: "{%esc:s}\n {unsafe}{~n}\n {%esc:h}\n {unsafe}\n {/esc}\n{/esc}",
context: { unsafe: "" },
- expected: "\n<script>alert('Goodbye!')</script>",
+ expected: "\n<script>alert('Goodbye!')</script>",
message: "should test escape_pragma"
},
{