Add ` as a character to escape/unescape and a doc note on unquoted html attribute values.

John-David Dalton
2014-01-30 09:38:01 -08:00
parent ba8684dfc7
commit 618c8bb5ad
8 changed files with 61 additions and 41 deletions

21
dist/lodash.compat.js vendored

@@ -41,8 +41,8 @@
reEmptyStringTrailing = /(__e\(.*?\)|\b__t\)) \+\n'';/g;
/** Used to match HTML entities and HTML characters */
var reEscapedHtml = /&(?:amp|lt|gt|quot|#39);/g,
reUnescapedHtml = /[&<>"']/g;
var reEscapedHtml = /&(?:amp|lt|gt|quot|#39|#96);/g,
reUnescapedHtml = /[&<>"'`]/g;
/** Used to match template delimiters */
var reEscape = /<%-([\s\S]+?)%>/g,
@@ -153,7 +153,8 @@
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;'
"'": '&#39;',
'`': '&#96;'
};
/** Used to convert HTML entities to characters */
@@ -162,7 +163,8 @@
'&lt;': '<',
'&gt;': '>',
'&quot;': '"',
'&#39;': "'"
'&#39;': "'",
'&#96;': '`'
};
/** Used to determine if values are of the language type Object */
@@ -6568,11 +6570,14 @@
}
/**
* Converts the characters `&`, `<`, `>`, `"`, and `'` in `string` to
* Converts the characters `&`, `<`, `>`, `"`, `'`, and ``` in `string` to
* their corresponding HTML entities.
*
* Note: No other characters are escaped. To escape additional characters
* use a third-party library like [_he_](http://mths.be/he).
* use a third-party library like [_he_](http://mths.be/he). When working
* with HTML you should always quote attribute values to reduce XSS vectors.
* See [Ryan Grove's article](http://wonko.com/post/html-escaping) for more
* details.
*
* @static
* @memberOf _
@@ -6848,8 +6853,8 @@
/**
* The inverse of `_.escape`; this method converts the HTML entities
* `&amp;`, `&lt;`, `&gt;`, `&quot;`, and `&#39;` in `string` to their
* corresponding characters.
* `&amp;`, `&lt;`, `&gt;`, `&quot;`, `&#39;`, and `&#96;` in `string` to
* their corresponding characters.
*
* Note: No other HTML entities are unescaped. To unescape additional HTML
* entities use a third-party library like [_he_](http://mths.be/he).