From 588bf3e20db0ae039a822a14a8fa238c5b298e65 Mon Sep 17 00:00:00 2001
From: Kerry Liu <gwwar@users.noreply.github.com>
Date: Wed, 5 Feb 2020 00:17:16 -0800
Subject: [PATCH] Handle leading zeros in quote html entity (#4623)

---
 test/unescape.js | 6 ++++++
 unescape.js      | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/test/unescape.js b/test/unescape.js
index 418ebdff9..7bd56137f 100644
--- a/test/unescape.js
+++ b/test/unescape.js
@@ -26,6 +26,12 @@ describe('unescape', function() {
     assert.strictEqual(unescape(escape(unescaped)), unescaped);
   });
 
+  it('should handle leading zeros in html entities', function() {
+    assert.strictEqual(unescape('&#39;'), "'");
+    assert.strictEqual(unescape('&#039;'), "'");
+    assert.strictEqual(unescape('&#000039;'), "'");
+  });
+
   lodashStable.each(['&#96;', '&#x2F;'], function(entity) {
     it('should not unescape the "' + entity + '" entity', function() {
       assert.strictEqual(unescape(entity), entity);
diff --git a/unescape.js b/unescape.js
index e05c73608..19abf96a4 100644
--- a/unescape.js
+++ b/unescape.js
@@ -8,7 +8,7 @@ const htmlUnescapes = {
 }
 
 /** Used to match HTML entities and HTML characters. */
-const reEscapedHtml = /&(?:amp|lt|gt|quot|#39);/g
+const reEscapedHtml = /&(?:amp|lt|gt|quot|#(0+)?39);/g
 const reHasEscapedHtml = RegExp(reEscapedHtml.source)
 
 /**
@@ -31,7 +31,7 @@ const reHasEscapedHtml = RegExp(reEscapedHtml.source)
  */
 function unescape(string) {
   return (string && reHasEscapedHtml.test(string))
-    ? string.replace(reEscapedHtml, (entity) => htmlUnescapes[entity])
+    ? string.replace(reEscapedHtml, (entity) => (htmlUnescapes[entity] || "'") )
     : (string || '')
 }