I found that if I pass any interpolation options without including escapeValue, this.escapeValue will get set to undefined in Interpolator. The documentation indicates escapeValue defaults to true, so this could cause variables to not be escaped as expected in some cases.
This config, for example, will result in i18next not escaping variables as expected:
It's worth noting that it could potentially be a XSS security issue for users of i18next if they believe variables are getting escaped when they actually aren't.
Add tests around Interpolator options
Make interpolation.escapeValue always default to true
BTW, for bonus points, I added a bunch of tests around the Interpolator options.
Coverage remained the same at 64.852% when pulling d367309 on alexmchardy:fix-interpolation-escapevalue-default into dbf3693 on i18next:master.
thanks a lot: merged and published in email@example.com