summaryrefslogtreecommitdiff
path: root/js/lib
diff options
context:
space:
mode:
authorJohn MacFarlane <jgm@berkeley.edu>2015-01-10 15:12:26 -0800
committerJohn MacFarlane <jgm@berkeley.edu>2015-01-10 15:12:26 -0800
commitf1768054bcdbb2f439e5851e12d0cfd7819adc50 (patch)
tree73c84ef8fb1c8eb723c1e65a3f03c5e51f3db25a /js/lib
parent3d6fa8afd83d4eba90f817139812801676740af8 (diff)
HTML renderer: Test for characters that need escaping before substituting.
Diffstat (limited to 'js/lib')
-rw-r--r--js/lib/html.js15
1 files changed, 10 insertions, 5 deletions
diff --git a/js/lib/html.js b/js/lib/html.js
index 37ee903..12a8db9 100644
--- a/js/lib/html.js
+++ b/js/lib/html.js
@@ -201,7 +201,7 @@ var renderNodes = function(block, options) {
}
cr();
out(tag('pre') + tag('code', attrs));
- out(this.escape(node.literal));
+ out(esc(node.literal));
out(tag('/code') + tag('/pre'));
cr();
break;
@@ -230,7 +230,7 @@ var renderNodes = function(block, options) {
return buffer;
};
-var sub = function(s) {
+var replaceUnsafeChar = function(s) {
switch (s) {
case '&':
return '&amp;';
@@ -245,6 +245,7 @@ var sub = function(s) {
}
};
+var reNeedsEscaping = /[&<>"]/;
// The HtmlRenderer object.
function HtmlRenderer(){
@@ -256,10 +257,14 @@ function HtmlRenderer(){
// set to "<br />" to make them hard breaks
// set to " " if you want to ignore line wrapping in source
escape: function(s, preserve_entities) {
- if (preserve_entities) {
- return s.replace(/[&](?:[#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)|[&<>"]/gi, sub);
+ if (reNeedsEscaping.test(s)) {
+ if (preserve_entities) {
+ return s.replace(/[&](?:[#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)|[&<>"]/gi, replaceUnsafeChar);
+ } else {
+ return s.replace(/[&<>"]/g, replaceUnsafeChar);
+ }
} else {
- return s.replace(/[&<>"]/g, sub);
+ return s;
}
},
render: renderNodes