Commit 4dba8cf9 authored by Sindre Sorhus's avatar Sindre Sorhus

Merge pull request #440 from passy/maria-xss

Maria: Fixed HTML escaping
parents 00435de1 154f4f70
...@@ -6,7 +6,11 @@ checkit.isBlank = function(str) { ...@@ -6,7 +6,11 @@ checkit.isBlank = function(str) {
}; };
checkit.escapeHTML = function(str) { checkit.escapeHTML = function(str) {
return str.replace('&', '&amp;').replace('<', '&lt;'); return String(str)
.replace(/&(?!\w+;)/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;');
}; };
checkit.isEnterKeyCode = function(keyCode) { checkit.isEnterKeyCode = function(keyCode) {