Support more HTML entities with _.escape and _.unescape #1370

Closed
alanhamlett opened this Issue Dec 9, 2013 · 1 comment

@alanhamlett

Currently _.escape only replaces these:
&, <, >, ", '

And _.unescape only replaces these:
&amp;, &lt;, &gt;, &quot;, &#x27;

What are your thoughts on supporting more replacements?

@akre54
Collaborator
akre54 commented Dec 9, 2013

_.escape / _.unescape are mainly helpful in dealing with the 5 characters significant in XML (and therefore in HTML) for preventing XSS in templates. What's your use case for adding more? It should be pretty easy to add them in yourself if you need it.

Also check out #1189 for some recent discussion and background.

@akre54 akre54 closed this Dec 18, 2013
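
Adding extra replacements yourself, as the comment above suggests, could look like the following added example. It is not Underscore's code or part of the thread. The helper names (`makeReplacer`, `invert`) and the extra entity list are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not Underscore's API.
// The five characters listed in the issue, with the entities it lists.
const BASE_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Extra replacements chosen for illustration (assumption). They change
// display only; the five above are the markup-significant ones.
const EXTRA_ENTITIES = {
  '\u00a9': '&copy;',
  '\u00a0': '&nbsp;',
};

// Swap keys and values to derive the unescape map from the escape map.
function invert(map) {
  const out = {};
  for (const key of Object.keys(map)) out[map[key]] = key;
  return out;
}

// Build a replacer that rewrites every key of `map` in a single pass.
// Single pass matters: "&" must not be re-escaped after "<" became "&lt;",
// and "&amp;lt;" must unescape to "&lt;", not to "<".
function makeReplacer(map) {
  const keys = Object.keys(map).map((k) => k.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'));
  const pattern = new RegExp('(?:' + keys.join('|') + ')', 'g');
  return (value) => (value == null ? '' : String(value).replace(pattern, (m) => map[m]));
}

const escapeBase = makeReplacer(BASE_ENTITIES);
const unescapeBase = makeReplacer(invert(BASE_ENTITIES));

const extended = Object.assign({}, BASE_ENTITIES, EXTRA_ENTITIES);
const escapeExtended = makeReplacer(extended);
const unescapeExtended = makeReplacer(invert(extended));

// Constructed sample input: markup-significant characters plus a non-ASCII one.
const sample = '<b title="x">Tom & Jerry\'s \u00a9</b>';
console.log(escapeBase(sample));
console.log(escapeExtended(sample));
```
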