Add ` as a character to escape/unescape and a doc note on unquoted html attribute values.

John-David Dalton
2014-01-30 09:38:01 -08:00
parent ba8684dfc7
commit 618c8bb5ad
8 changed files with 61 additions and 41 deletions


@@ -33,8 +33,8 @@
var idCounter = 0;
/** Used to match HTML entities and HTML characters */
var reEscapedHtml = /&(?:amp|lt|gt|quot|#x27);/g,
reUnescapedHtml = /[&<>"']/g;
var reEscapedHtml = /&(?:amp|lt|gt|quot|#x27|#96);/g,
reUnescapedHtml = /[&<>"'`]/g;
/** Used to match template delimiters */
var reEscape = /<%-([\s\S]+?)%>/g,
@@ -71,7 +71,8 @@
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#x27;'
"'": '&#x27;',
'`': '&#96;'
};
/** Used to convert HTML entities to characters */
@@ -80,7 +81,8 @@
'&lt;': '<',
'&gt;': '>',
'&quot;': '"',
'&#x27;': "'"
'&#x27;': "'",
'&#96;': '`'
};
/** Used to determine if values are of the language type Object */
@@ -4417,11 +4419,14 @@
/*--------------------------------------------------------------------------*/
/**
* Converts the characters `&`, `<`, `>`, `"`, and `'` in `string` to
* Converts the characters `&`, `<`, `>`, `"`, `'`, and ``` in `string` to
* their corresponding HTML entities.
*
* Note: No other characters are escaped. To escape additional characters
* use a third-party library like [_he_](http://mths.be/he).
* use a third-party library like [_he_](http://mths.be/he). When working
* with HTML you should always quote attribute values to reduce XSS vectors.
* See [Ryan Grove's article](http://wonko.com/post/html-escaping) for more
* details.
*
* @static
* @memberOf _
@@ -4581,8 +4586,8 @@
/**
* The inverse of `_.escape`; this method converts the HTML entities
* `&amp;`, `&lt;`, `&gt;`, `&quot;`, and `&#39;` in `string` to their
* corresponding characters.
* `&amp;`, `&lt;`, `&gt;`, `&quot;`, `&#39;`, and `&#96;` in `string` to
* their corresponding characters.
*
* Note: No other HTML entities are unescaped. To unescape additional HTML
* entities use a third-party library like [_he_](http://mths.be/he).
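Review bot: The rewritten `_.unescape` doc line still lists `&#39;`, but the `reEscapedHtml` regex and the `htmlUnescapes` map changed in the earlier hunks only recognise `&#x27;` (and now `&#96;`), so `_.unescape('&#39;')` leaves the entity untouched while the docs promise otherwise. The smallest fix is to replace `&#39;` with `&#x27;` on that doc line so it matches what `_.escape` actually emits; alternatively `#39` could be added next to `#x27` in the regex and map, but then `_.escape` and `_.unescape` would no longer be exact inverses for that input. It would also be worth extending the new note on `_.escape` to say the output is only safe in HTML text and quoted-attribute contexts, not inside inline script, URL, or CSS sinks, since the attribute-quoting advice alone may read as a general XSS guarantee. The `escape`/`unescape` bodies themselves are outside the shown hunks, so this is based on the regex and map lines alone.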