Merge pull request #132 from bem/fix/escaping

Add escaping of characters to their corresponding HTML entities
bem · Oct 1, 2015 · 3c5b6f0 · 3c5b6f0
2 parents 88d3454 + d889ba4
commit 3c5b6f0
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 16 deletions.
diff --git a/lib/utils/serialize.js b/lib/utils/serialize.js
@@ -1,7 +1,8 @@
+var _ = require('lodash');
+
 /**
  * Serializes HTML elements back to raw HTML
  */
-
 module.exports = {
     /**
      * @param {String} name
@@ -37,7 +38,7 @@ module.exports = {
         var res = '<' + tagName;
 
         attrs.forEach(function (attr) {
-            res += ' ' + attr.name + '="' + escape(attr.value) + '"';
+            res += ' ' + attr.name + '="' + _.escape(attr.value) + '"';
         });
 
         selfClosing && (res += '/');
@@ -56,7 +57,7 @@ module.exports = {
      * @returns {String}
      */
     text: function (text) {
-        return text;
+        return _.escape(text);
     },
     /**
      * @param {String} text
@@ -66,15 +67,3 @@ module.exports = {
         return '<!--' + text + '-->';
     }
 };
-
-/**
- * @param {String} str
- * @returns {String}
- */
-function escape(str) {
-    return String(str)
-        .replace(/&/g, '&amp;')
-        .replace(/"/g, '&quot;')
-        .replace(/</g, '&lt;')
-        .replace(/>/g, '&gt;');
-}
diff --git a/test/unit/serialize.js b/test/unit/serialize.js
@@ -63,7 +63,7 @@ describe('\'serialize\'', function () {
     it('must serialize text', function () {
         var output = '\nblah\t&quot;';
 
-        serialize.text('\nblah\t&quot;').must.be.equal(output);
+        serialize.text('\nblah\t"').must.be.equal(output);
     });
 
     it('must serialize comments', function () {