diff options
| -rw-r--r-- | js/lib/html.js | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/js/lib/html.js b/js/lib/html.js index 37ee903..12a8db9 100644 --- a/js/lib/html.js +++ b/js/lib/html.js @@ -201,7 +201,7 @@ var renderNodes = function(block, options) { } cr(); out(tag('pre') + tag('code', attrs)); - out(this.escape(node.literal)); + out(esc(node.literal)); out(tag('/code') + tag('/pre')); cr(); break; @@ -230,7 +230,7 @@ var renderNodes = function(block, options) { return buffer; }; -var sub = function(s) { +var replaceUnsafeChar = function(s) { switch (s) { case '&': return '&'; @@ -245,6 +245,7 @@ var sub = function(s) { } }; +var reNeedsEscaping = /[&<>"]/; // The HtmlRenderer object. function HtmlRenderer(){ @@ -256,10 +257,14 @@ function HtmlRenderer(){ // set to "<br />" to make them hard breaks // set to " " if you want to ignore line wrapping in source escape: function(s, preserve_entities) { - if (preserve_entities) { - return s.replace(/[&](?:[#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)|[&<>"]/gi, sub); + if (reNeedsEscaping.test(s)) { + if (preserve_entities) { + return s.replace(/[&](?:[#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)|[&<>"]/gi, replaceUnsafeChar); + } else { + return s.replace(/[&<>"]/g, replaceUnsafeChar); + } } else { - return s.replace(/[&<>"]/g, sub); + return s; } }, render: renderNodes |