Add doc note about escaping backticks. [ci skip]

John-David Dalton
2014-01-31 00:40:24 -08:00
parent 618c8bb5ad
commit 65258d5b6a
5 changed files with 228 additions and 198 deletions

29
dist/lodash.compat.js vendored

@@ -141,12 +141,17 @@
}; };
/** /**
* Used to convert characters to HTML entities: * Used to convert characters to HTML entities.
* *
* Though the `>` character is escaped for symmetry, characters like `>` and `/` * Note: Though the `>` character is escaped for symmetry, characters like `>`
* don't require escaping in HTML and have no special meaning unless they're part * and `/` don't require escaping in HTML and have no special meaning unless
* of a tag or an unquoted attribute value. * they're part of a tag or unquoted attribute value.
* http://mathiasbynens.be/notes/ambiguous-ampersands (under "semi-related fun fact") * See [Mathias' article](http://mathiasbynens.be/notes/ambiguous-ampersands)
* (under "semi-related fun fact") for more details.
*
* Backticks are escaped because IE < 9 allows them to be used as attribute
* value delimiters. See [Ryan Grove's article](http://wonko.com/post/html-escaping)
* for more details.
*/ */
var htmlEscapes = { var htmlEscapes = {
'&': '&amp;', '&': '&amp;',
@@ -6570,14 +6575,15 @@
} }
/** /**
* Converts the characters `&`, `<`, `>`, `"`, `'`, and ``` in `string` to * Converts the characters "&", "<", ">", '"', "'", and "\`" in `string` to
* their corresponding HTML entities. * their corresponding HTML entities.
* *
* Note: No other characters are escaped. To escape additional characters * Note: No other characters are escaped. To escape additional characters
* use a third-party library like [_he_](http://mths.be/he). When working * use a third-party library like [_he_](http://mths.be/he).
* with HTML you should always quote attribute values to reduce XSS vectors. *
* See [Ryan Grove's article](http://wonko.com/post/html-escaping) for more * When working with HTML you should always quote attribute values to reduce
* details. * XSS vectors. See [Ryan Grove's article](http://wonko.com/post/html-escaping)
* for more details.
* *
* @static * @static
* @memberOf _ * @memberOf _
@@ -6598,7 +6604,8 @@
* whitespace, and correctly escapes quotes within interpolated code. * whitespace, and correctly escapes quotes within interpolated code.
* *
* Note: In the development build, `_.template` utilizes sourceURLs for easier * Note: In the development build, `_.template` utilizes sourceURLs for easier
* debugging. See [HTML5 Rocks' article on sourcemaps](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl). * debugging. See [HTML5 Rocks' article on sourcemaps](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl)
* for more details.
* *
* For more information on precompiling templates see * For more information on precompiling templates see
* [Lo-Dash's custom builds documentation](http://lodash.com/custom-builds). * [Lo-Dash's custom builds documentation](http://lodash.com/custom-builds).

29
dist/lodash.js vendored

@@ -134,12 +134,17 @@
}; };
/** /**
* Used to convert characters to HTML entities: * Used to convert characters to HTML entities.
* *
* Though the `>` character is escaped for symmetry, characters like `>` and `/` * Note: Though the `>` character is escaped for symmetry, characters like `>`
* don't require escaping in HTML and have no special meaning unless they're part * and `/` don't require escaping in HTML and have no special meaning unless
* of a tag or an unquoted attribute value. * they're part of a tag or unquoted attribute value.
* http://mathiasbynens.be/notes/ambiguous-ampersands (under "semi-related fun fact") * See [Mathias' article](http://mathiasbynens.be/notes/ambiguous-ampersands)
* (under "semi-related fun fact") for more details.
*
* Backticks are escaped because IE < 9 allows them to be used as attribute
* value delimiters. See [Ryan Grove's article](http://wonko.com/post/html-escaping)
* for more details.
*/ */
var htmlEscapes = { var htmlEscapes = {
'&': '&amp;', '&': '&amp;',
@@ -6291,14 +6296,15 @@
} }
/** /**
* Converts the characters `&`, `<`, `>`, `"`, `'`, and ``` in `string` to * Converts the characters "&", "<", ">", '"', "'", and "\`" in `string` to
* their corresponding HTML entities. * their corresponding HTML entities.
* *
* Note: No other characters are escaped. To escape additional characters * Note: No other characters are escaped. To escape additional characters
* use a third-party library like [_he_](http://mths.be/he). When working * use a third-party library like [_he_](http://mths.be/he).
* with HTML you should always quote attribute values to reduce XSS vectors. *
* See [Ryan Grove's article](http://wonko.com/post/html-escaping) for more * When working with HTML you should always quote attribute values to reduce
* details. * XSS vectors. See [Ryan Grove's article](http://wonko.com/post/html-escaping)
* for more details.
* *
* @static * @static
* @memberOf _ * @memberOf _
@@ -6319,7 +6325,8 @@
* whitespace, and correctly escapes quotes within interpolated code. * whitespace, and correctly escapes quotes within interpolated code.
* *
* Note: In the development build, `_.template` utilizes sourceURLs for easier * Note: In the development build, `_.template` utilizes sourceURLs for easier
* debugging. See [HTML5 Rocks' article on sourcemaps](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl). * debugging. See [HTML5 Rocks' article on sourcemaps](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl)
* for more details.
* *
* For more information on precompiling templates see * For more information on precompiling templates see
* [Lo-Dash's custom builds documentation](http://lodash.com/custom-builds). * [Lo-Dash's custom builds documentation](http://lodash.com/custom-builds).


@@ -59,12 +59,17 @@
stringClass = '[object String]'; stringClass = '[object String]';
/** /**
* Used to convert characters to HTML entities: * Used to convert characters to HTML entities.
* *
* Though the `>` character is escaped for symmetry, characters like `>` and `/` * Note: Though the `>` character is escaped for symmetry, characters like `>`
* don't require escaping in HTML and have no special meaning unless they're part * and `/` don't require escaping in HTML and have no special meaning unless
* of a tag or an unquoted attribute value. * they're part of a tag or unquoted attribute value.
* http://mathiasbynens.be/notes/ambiguous-ampersands (under "semi-related fun fact") * See [Mathias' article](http://mathiasbynens.be/notes/ambiguous-ampersands)
* (under "semi-related fun fact") for more details.
*
* Backticks are escaped because IE < 9 allows them to be used as attribute
* value delimiters. See [Ryan Grove's article](http://wonko.com/post/html-escaping)
* for more details.
*/ */
var htmlEscapes = { var htmlEscapes = {
'&': '&amp;', '&': '&amp;',
@@ -4419,14 +4424,15 @@
/*--------------------------------------------------------------------------*/ /*--------------------------------------------------------------------------*/
/** /**
* Converts the characters `&`, `<`, `>`, `"`, `'`, and ``` in `string` to * Converts the characters "&", "<", ">", '"', "'", and "\`" in `string` to
* their corresponding HTML entities. * their corresponding HTML entities.
* *
* Note: No other characters are escaped. To escape additional characters * Note: No other characters are escaped. To escape additional characters
* use a third-party library like [_he_](http://mths.be/he). When working * use a third-party library like [_he_](http://mths.be/he).
* with HTML you should always quote attribute values to reduce XSS vectors. *
* See [Ryan Grove's article](http://wonko.com/post/html-escaping) for more * When working with HTML you should always quote attribute values to reduce
* details. * XSS vectors. See [Ryan Grove's article](http://wonko.com/post/html-escaping)
* for more details.
* *
* @static * @static
* @memberOf _ * @memberOf _
@@ -4447,7 +4453,8 @@
* whitespace, and correctly escapes quotes within interpolated code. * whitespace, and correctly escapes quotes within interpolated code.
* *
* Note: In the development build, `_.template` utilizes sourceURLs for easier * Note: In the development build, `_.template` utilizes sourceURLs for easier
* debugging. See [HTML5 Rocks' article on sourcemaps](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl). * debugging. See [HTML5 Rocks' article on sourcemaps](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl)
* for more details.
* *
* For more information on precompiling templates see * For more information on precompiling templates see
* [Lo-Dash's custom builds documentation](http://lodash.com/custom-builds). * [Lo-Dash's custom builds documentation](http://lodash.com/custom-builds).
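Review bot: The rewritten `_.escape` docblock (hunk `@@ -4419,14 +4424,15 @@`) gives the attribute-quoting advice its own paragraph but still does not say which output contexts the escaped string is safe in. Escaping these six characters covers HTML text and quoted attribute values only; it does not make a value safe inside a `<script>` or `<style>` block, an event-handler attribute, or a URL attribute such as `href`. I would add a line such as `* Note: The result is only safe in HTML text and quoted attribute values, not in script, style, or URL contexts.` The same docblock is repeated in the other file sections on this page and continues past the end of the hunk; this section's file path is not shown on the page.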

File diff suppressed because it is too large Load Diff


@@ -140,12 +140,17 @@
}; };
/** /**
* Used to convert characters to HTML entities: * Used to convert characters to HTML entities.
* *
* Though the `>` character is escaped for symmetry, characters like `>` and `/` * Note: Though the `>` character is escaped for symmetry, characters like `>`
* don't require escaping in HTML and have no special meaning unless they're part * and `/` don't require escaping in HTML and have no special meaning unless
* of a tag or an unquoted attribute value. * they're part of a tag or unquoted attribute value.
* http://mathiasbynens.be/notes/ambiguous-ampersands (under "semi-related fun fact") * See [Mathias' article](http://mathiasbynens.be/notes/ambiguous-ampersands)
* (under "semi-related fun fact") for more details.
*
* Backticks are escaped because IE < 9 allows them to be used as attribute
* value delimiters. See [Ryan Grove's article](http://wonko.com/post/html-escaping)
* for more details.
*/ */
var htmlEscapes = { var htmlEscapes = {
'&': '&amp;', '&': '&amp;',
@@ -6587,14 +6592,15 @@
} }
/** /**
* Converts the characters `&`, `<`, `>`, `"`, `'`, and ``` in `string` to * Converts the characters "&", "<", ">", '"', "'", and "\`" in `string` to
* their corresponding HTML entities. * their corresponding HTML entities.
* *
* Note: No other characters are escaped. To escape additional characters * Note: No other characters are escaped. To escape additional characters
* use a third-party library like [_he_](http://mths.be/he). When working * use a third-party library like [_he_](http://mths.be/he).
* with HTML you should always quote attribute values to reduce XSS vectors. *
* See [Ryan Grove's article](http://wonko.com/post/html-escaping) for more * When working with HTML you should always quote attribute values to reduce
* details. * XSS vectors. See [Ryan Grove's article](http://wonko.com/post/html-escaping)
* for more details.
* *
* @static * @static
* @memberOf _ * @memberOf _
@@ -6615,7 +6621,8 @@
* whitespace, and correctly escapes quotes within interpolated code. * whitespace, and correctly escapes quotes within interpolated code.
* *
* Note: In the development build, `_.template` utilizes sourceURLs for easier * Note: In the development build, `_.template` utilizes sourceURLs for easier
* debugging. See [HTML5 Rocks' article on sourcemaps](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl). * debugging. See [HTML5 Rocks' article on sourcemaps](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl)
* for more details.
* *
* For more information on precompiling templates see * For more information on precompiling templates see
* [Lo-Dash's custom builds documentation](http://lodash.com/custom-builds). * [Lo-Dash's custom builds documentation](http://lodash.com/custom-builds).