From 6f55a2d2632740caf0d4c9fdbe7eca8e3709e5d9 Mon Sep 17 00:00:00 2001 From: Johnathan Leppert Date: Wed, 16 May 2012 15:28:42 -0700 Subject: [PATCH 1/2] fixes #24 --- lib/dust.js | 5 +++-- test/examples.js | 6 +++--- test/jasmine-test/spec/examples.js | 6 +++--- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/lib/dust.js b/lib/dust.js index c6e2448a..88134d16 100644 --- a/lib/dust.js +++ b/lib/dust.js @@ -459,14 +459,15 @@ var HCHARS = new RegExp(/[&<>\"]/), AMP = /&/g, LT = //g, - QUOT = /\"/g; + QUOT = /\"/g, + SQUOT = /\'/g; dust.escapeHtml = function(s) { if (typeof s === "string") { if (!HCHARS.test(s)) { return s; } - return s.replace(AMP,'&').replace(LT,'<').replace(GT,'>').replace(QUOT,'"'); + return s.replace(AMP,'&').replace(LT,'<').replace(GT,'>').replace(QUOT,'"').replace(SQUOT, '''); } return s; }; diff --git a/test/examples.js b/test/examples.js index c3e76da3..ed494c88 100644 --- a/test/examples.js +++ b/test/examples.js @@ -84,13 +84,13 @@ exports.dustExamples = [ name: "escaped", source: "{safe|s}{~n}{unsafe}", context: { safe: "", unsafe: "" }, - expected: "\n<script>alert('Goodbye!')</script>" + expected: "\n<script>alert('Goodbye!')</script>" }, { name: "escape_pragma", source: "{%esc:s}\n {unsafe}{~n}\n {%esc:h}\n {unsafe}\n {/esc}\n{/esc}", context: { unsafe: "" }, - expected: "\n<script>alert('Goodbye!')</script>" + expected: "\n<script>alert('Goodbye!')</script>" }, { name: "else_block", @@ -315,4 +315,4 @@ exports.dustExamples = [ } ]; -})(typeof exports !== "undefined" ? exports : window); \ No newline at end of file +})(typeof exports !== "undefined" ? exports : window); diff --git a/test/jasmine-test/spec/examples.js b/test/jasmine-test/spec/examples.js index ee35a6bc..afcaba3e 100644 --- a/test/jasmine-test/spec/examples.js +++ b/test/jasmine-test/spec/examples.js 
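Review bot: `dust.escapeHtml` in lib/dust.js (patch 1/2) still returns every non-string value untouched via the trailing `return s;`, so the new single-quote replacement never applies to an array or object whose string form contains markup or quotes. Whether the caller later stringifies that value into the rendered output is not visible in this hunk, but if it does, the value is emitted unescaped. Consider coercing object values before the type check, for example `if (s && typeof s === "object" && typeof s.toString === "function") { s = s.toString(); }`, and add a fixture with an array-valued context entry to pin the behaviour. It would also help to add a comment above the function such as `// Escapes & < > " ' for HTML text and quoted attribute values; not safe for unquoted attributes, URLs or script contexts.`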
@@ -115,14 +115,14 @@ var dustExamples = [ name: "escaped", source: "{safe|s}{~n}{unsafe}", context: { safe: "", unsafe: "" }, - expected: "\n<script>alert('Goodbye!')</script>", + expected: "\n<script>alert('Goodbye!')</script>", message: "should test escaped characters" }, { name: "escape_pragma", source: "{%esc:s}\n {unsafe}{~n}\n {%esc:h}\n {unsafe}\n {/esc}\n{/esc}", context: { unsafe: "" }, - expected: "\n<script>alert('Goodbye!')</script>", + expected: "\n<script>alert('Goodbye!')</script>", message: "should test escape_pragma" }, { @@ -403,4 +403,4 @@ if (typeof module !== "undefined" && typeof require !== "undefined") { module.exports = dustExamples; // We're on node.js } else { window.dustExamples = dustExamples; // We're on the browser -} \ No newline at end of file +} From a1caed0870eaad9110688887c4bfcc72df6731d9 Mon Sep 17 00:00:00 2001 From: Johnathan Leppert Date: Wed, 16 May 2012 23:27:47 -0700 Subject: [PATCH 2/2] Forgot HCHARS regex for single quote --- lib/dust.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/dust.js b/lib/dust.js index 88134d16..f3dd022f 100644 --- a/lib/dust.js +++ b/lib/dust.js @@ -455,7 +455,7 @@ Tap.prototype.go = function(value) { return value; }; -var HCHARS = new RegExp(/[&<>\"]/), +var HCHARS = new RegExp(/[&<>\"\']/), AMP = /&/g, LT = //g,
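Review bot: No test covers the fast path that the `HCHARS` change in patch 2/2 repairs. As far as the page shows, the `escaped` and `escape_pragma` fixtures updated in patch 1/2 both contain `<`, so they passed even while a value whose only special character was `'` was returned unescaped. Add an example to test/examples.js and test/jasmine-test/spec/examples.js whose context value has a single quote and none of `&`, `<`, `>`, `"` (a constructed sample: `unsafe: "it's"`) and assert the escaped output. As a style point, the `RegExp` wrapper and the backslashes are unnecessary, and `var HCHARS = /[&<>"']/,` is equivalent. The `var` statement continues past the end of the hunk.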