Commit 0cdc525

Fixed escapeHTML function
to skip not only &***;, but also &#***; and &x***;
1 parent 7216d99 commit 0cdc525

1 file changed

+1
-1
lines changed

backbone.js

Lines changed: 1 addition & 1 deletion
@@ -1079,7 +1079,7 @@
10791079

10801080
// Helper function to escape a string for HTML rendering.
10811081
var escapeHTML = function(string) {
1082-
return string.replace(/&(?!\w+;)/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
1082+
return string.replace(/&(?!\w+;|#\d+;|#x[\da-f]+;)/gi, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
10831083
};
10841084

10851085
}).call(this);
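
Review bot: On the new line 1082 the widened lookahead `(?!\w+;|#\d+;|#x[\da-f]+;)` leaves every entity-shaped sequence in the input unescaped, so `escapeHTML` is not a faithful encoder of untrusted text. A value containing the literal characters `&lt;` or `&#60;` is displayed as `<` instead of as typed, and the function's output depends on whether the caller's string was already escaped, which the function cannot know. I would escape every ampersand unconditionally with `.replace(/&/g, '&amp;')` and require callers to pass raw text, or at least document in the comment on line 1080 that existing entities are passed through on purpose. Separately, the chain on the same line escapes `"` but not `'`, so the result is not safe inside a single-quoted attribute value; adding `.replace(/'/g, '&#x27;')` closes that gap.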
