diff options
| author | Brian Palmer <brianp@instructure.com> | 2012-02-29 11:25:51 -0700 |
|---|---|---|
| committer | Brian Palmer <brianp@instructure.com> | 2012-02-29 11:25:51 -0700 |
| commit | bd9a84a0b74958ac9ca3fab45c125a6211c378fa (patch) | |
| tree | eb6f4595d2431906e24ea930e75a6b847265304e /spec/qunit_spec.js | |
| parent | 24e04bad949405dae145d40fbea6a97bafb1c78d (diff) | |
| download | handlebars.js-bd9a84a0b74958ac9ca3fab45c125a6211c378fa.zip handlebars.js-bd9a84a0b74958ac9ca3fab45c125a6211c378fa.tar.gz handlebars.js-bd9a84a0b74958ac9ca3fab45c125a6211c378fa.tar.bz2 | |
properly handle amperstands when HTML escaping
escapeExpression, when given a string like ">", was simply returning
">", not escaping the amperstand. This is incorrect, and makes it
impossible to have Handlebars properly escape a
string like "Escaped, <b> looks like: <b>"
If the intention of the user is to not escape these characters, then
{{{}}} or {{&}} should be used
Diffstat (limited to 'spec/qunit_spec.js')
| -rw-r--r-- | spec/qunit_spec.js | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/spec/qunit_spec.js b/spec/qunit_spec.js index 3a87d6c..b0ea551 100644 --- a/spec/qunit_spec.js +++ b/spec/qunit_spec.js @@ -96,6 +96,8 @@ test("escaping expressions", function() { shouldCompileTo("{{awesome}}", {awesome: "&\"'`\\<>"}, '&"'`\\<>', "by default expressions should be escaped"); + shouldCompileTo("{{awesome}}", {awesome: "Escaped, <b> looks like: <b>"}, 'Escaped, <b> looks like: &lt;b&gt;', + "escaping should properly handle amperstands"); }); test("functions returning safestrings shouldn't be escaped", function() { |