-rw-r--r-- | lib/handlebars/utils.js | 3 | ||||
-rw-r--r-- | spec/qunit_spec.js | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/lib/handlebars/utils.js b/lib/handlebars/utils.js
index bd5d0eb..b53c9ef 100644
--- a/lib/handlebars/utils.js
+++ b/lib/handlebars/utils.js
@@ -22,6 +22,7 @@ Handlebars.SafeString.prototype.toString = function() {
 (function() {
 var escape = {
+ "&": "&",
 "<": "<",
 ">": ">",
 '"': """,
@@ -29,7 +30,7 @@ Handlebars.SafeString.prototype.toString = function() {
 "`": "`"
 };
- var badChars = /&(?!\w+;)|[<>"'`]/g;
+ var badChars = /[&<>"'`]/g;
 var possible = /[&<>"'`]/;
 var escapeChar = function(chr) {
diff --git a/spec/qunit_spec.js b/spec/qunit_spec.js
index 3a87d6c..b0ea551 100644
--- a/spec/qunit_spec.js
+++ b/spec/qunit_spec.js
@@ -96,6 +96,8 @@ test("escaping expressions", function() {
 shouldCompileTo("{{awesome}}", {awesome: "&\"'`\\<>"}, '&"'`\\<>',
 "by default expressions should be escaped");
+ shouldCompileTo("{{awesome}}", {awesome: "Escaped, <b> looks like: <b>"}, 'Escaped, <b> looks like: &lt;b&gt;',
+ "escaping should properly handle amperstands");
 });
 test("functions returning safestrings shouldn't be escaped", function() {
|
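Review bot: The `escape` table carries no comment saying which output contexts its character set is meant for, and with `&` added it will read as a complete HTML escaper. The six characters cover element content and quoted attribute values; they do not make a value safe in an unquoted attribute, inside a script or style body, or as a URL. I would put `// Safe for HTML text and quoted attribute values only; not for unquoted attributes, script/style bodies or URLs.` directly above `var escape = {`. The IIFE that holds the table continues past the end of this hunk.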
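Review bot: Nothing next to the new `badChars` records why the `(?!\w+;)` lookahead was dropped, so a later report of double-encoded output could lead someone to restore it. A comment would pin the intent: `// Escape every "&": letting existing entities through lets untrusted input supply its own character references; pre-escaped markup belongs in a SafeString.` `badChars` and `possible` now spell out the same character class twice, so `possible` should at least carry `// keep in sync with badChars`, or both could be built from one shared string. `escapeChar` begins on the last line of the hunk and its body is not visible here.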
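Review bot: The assertion message in the added case misspells the word; `"escaping should properly handle amperstands"` should read `"escaping should properly handle ampersands"`. The new case pins only an input that contains named entities. A second assertion whose input already holds an escaped ampersand would document that such a value is now escaped again by design, which is the behaviour callers with pre-escaped strings will notice first. The `test("escaping expressions", ...)` callback opens before this hunk.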