From 60caed99f8e71cc04402d88d7f22d5955462b07b Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sun, 24 Oct 2010 11:01:41 +0200 Subject: [PATCH] Escape single quotes to be HTML5 compliant. HTML tag attributes in HTML5 can use single quotes (') as delimiters. Patch by Tom Lynn. --- examples/apostrophe.html | 1 + examples/apostrophe.js | 1 + examples/apostrophe.txt | 1 + mustache.js | 3 ++- 4 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 examples/apostrophe.html create mode 100644 examples/apostrophe.js create mode 100644 examples/apostrophe.txt diff --git a/examples/apostrophe.html b/examples/apostrophe.html new file mode 100644 index 0000000..e8687aa --- /dev/null +++ b/examples/apostrophe.html @@ -0,0 +1 @@ +{{apos}}{{control}} diff --git a/examples/apostrophe.js b/examples/apostrophe.js new file mode 100644 index 0000000..df69cd2 --- /dev/null +++ b/examples/apostrophe.js @@ -0,0 +1 @@ +var apostrophe = {'apos': "'", 'control':'X'}; diff --git a/examples/apostrophe.txt b/examples/apostrophe.txt new file mode 100644 index 0000000..4427c30 --- /dev/null +++ b/examples/apostrophe.txt @@ -0,0 +1 @@ +'X diff --git a/mustache.js b/mustache.js index f7b2146..e19109f 100644 --- a/mustache.js +++ b/mustache.js @@ -244,11 +244,12 @@ var Mustache = function() { */ escape: function(s) { s = String(s === null ? "" : s); - return s.replace(/&(?!\w+;)|["<>\\]/g, function(s) { + return s.replace(/&(?!\w+;)|["''<>\\]/g, function(s) { switch(s) { case "&": return "&"; case "\\": return "\\\\"; case '"': return '"'; + case "'": return '''; case "<": return "<"; case ">": return ">"; default: return s;