"<>=&" is compiled to "\x3c\x3e\x3d\x26"

[leeoniya]

probably missing some other entities here, too. this does not happen in the Java version.

test code:

const closure = require('google-closure-compiler-js').compile;

var test = 'var x = "<>=&";';

const flags = {
  jsCode: [{src: test}],
  languageIn: 'ECMASCRIPT5_STRICT',
  languageOut: 'ECMASCRIPT5',
  compilationLevel: 'SIMPLE',
};

var compiled = closure(flags).compiledCode;

console.log(compiled);       // var x="\x3c\x3e\x3d\x26";

[MatrixFrog]

IIRC this is the "trustedStrings" option. https://github.com/google/closure-compiler/blob/master/src/com/google/javascript/jscomp/CompilerOptions.java#L988

We can probably turn it on by default for the JS version.

[leeoniya]

hmm, thanks. i'll try that...unless it's not available in the js version?

FWIW the java version did also encode angle brackets but only if they were part of an html comment in a string: "<!-- foo -->" -> "\x3c!-- foo --\x3e". i dont believe this is technically necessary either. (unlike escaping / in "</script>".

[ChadKillingsworth]

The trusted strings option is now set. Deployment has moved to https://github.com/google/closure-compiler-npm

[leeoniya]

awesome, thanks!

any idea when this will trickle down to https://www.npmjs.com/package/google-closure-compiler-js ?

[ChadKillingsworth]

It won't. All development has moved to the main package.

[leeoniya]

sorry, misunderstood. thanks.