diff options
author | John MacFarlane <jgm@berkeley.edu> | 2015-01-10 15:12:26 -0800 |
---|---|---|
committer | John MacFarlane <jgm@berkeley.edu> | 2015-01-10 15:12:26 -0800 |
commit | f1768054bcdbb2f439e5851e12d0cfd7819adc50 (patch) | |
tree | 73c84ef8fb1c8eb723c1e65a3f03c5e51f3db25a | |
parent | 3d6fa8afd83d4eba90f817139812801676740af8 (diff) |
HTML renderer: Test for characters that need escaping before substituting.
-rw-r--r-- | js/lib/html.js | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/js/lib/html.js b/js/lib/html.js index 37ee903..12a8db9 100644 --- a/js/lib/html.js +++ b/js/lib/html.js @@ -201,7 +201,7 @@ var renderNodes = function(block, options) { } cr(); out(tag('pre') + tag('code', attrs)); - out(this.escape(node.literal)); + out(esc(node.literal)); out(tag('/code') + tag('/pre')); cr(); break; @@ -230,7 +230,7 @@ var renderNodes = function(block, options) { return buffer; }; -var sub = function(s) { +var replaceUnsafeChar = function(s) { switch (s) { case '&': return '&'; @@ -245,6 +245,7 @@ var sub = function(s) { } }; +var reNeedsEscaping = /[&<>"]/; // The HtmlRenderer object. function HtmlRenderer(){ @@ -256,10 +257,14 @@ function HtmlRenderer(){ // set to "<br />" to make them hard breaks // set to " " if you want to ignore line wrapping in source escape: function(s, preserve_entities) { - if (preserve_entities) { - return s.replace(/[&](?:[#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)|[&<>"]/gi, sub); + if (reNeedsEscaping.test(s)) { + if (preserve_entities) { + return s.replace(/[&](?:[#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)|[&<>"]/gi, replaceUnsafeChar); + } else { + return s.replace(/[&<>"]/g, replaceUnsafeChar); + } } else { - return s.replace(/[&<>"]/g, sub); + return s; } }, render: renderNodes |