Support more HTML entities with _.escape and _.unescape #1370

alanhamlett opened this Issue Dec 9, 2013 · 1 comment


None yet

2 participants


Currently _.escape only replaces these:
&, <, >, ", '

And _.unescape only replaces these:
&amp;, &lt;, &gt;, &quot;, &#x27;

What are your thoughts on supporting more replacements?

akre54 commented Dec 9, 2013

_.escape / _.unescape are mainly helpful in dealing with the 5 characters significant in XML (and therefore in HTML) for preventing XSS in templates. What's your use case for adding more? It should be pretty easy to add them in yourself if you need it.

Also check out #1189 for some recent discussion and background.

@akre54 akre54 closed this Dec 18, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment