Improve tokenization. Add escaping HTML attributes

bem · Oct 14, 2014 · 7e87ace · 7e87ace
1 parent c857761
commit 7e87ace
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -11,7 +11,7 @@ var _ = require('lodash'),
 HtmlDiff.prototype.tokenize = function (html) {
     html = modifyHtmlAccordingToOptions(html, this.options);
 
-    return _.filter(html.split(/(\s+|\b)/));
+    return _.filter(html.split(/([{}:;,<>"'\[\]]|\s+)/));
 };
 
 /**

diff --git a/lib/utils/serialize.js b/lib/utils/serialize.js
@@ -37,7 +37,7 @@ module.exports = {
         var res = '<' + tagName;
 
         attrs.forEach(function (attr) {
-            res += ' ' + attr.name + '="' + attr.value + '"';
+            res += ' ' + attr.name + '="' + escape(attr.value) + '"';
         });
 
         selfClosing && (res += '/');
@@ -63,3 +63,11 @@ module.exports = {
         return '<!--' + text + '-->';
     }
 };
+
+function escape(str) {
+    return String(str)
+        .replace(/&/g, '&amp;')
+        .replace(/"/g, '&quot;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+}