
Support more HTML entities with _.escape and _.unescape #1370

Closed
alanhamlett opened this Issue · 1 comment

Alan Hamlett

Currently _.escape only replaces these:
&, <, >, ", '

And _.unescape only replaces these:
&amp;, &lt;, &gt;, &quot;, &#x27;

What are your thoughts on supporting more replacements?

Adam Krebs
Collaborator

_.escape / _.unescape are mainly helpful in dealing with the 5 characters significant in XML (and therefore in HTML) for preventing XSS in templates. What's your use case for adding more? It should be pretty easy to add them in yourself if you need it.

Also check out #1189 for some recent discussion and background.
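
The five-character mapping listed in this issue, together with the caller-side extension suggested in the reply, as an added example (not Underscore's own code and not written by either participant). `makeEscaper`, `BASE_ENTITIES`, and the two extra entries (backtick and non-breaking space) are assumptions chosen for illustration.

```javascript
// Added example, not Underscore's source. All names here are hypothetical.

// The five characters named in the issue and the entities it lists for them.
const BASE_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Build an escape/unescape pair from a character -> entity map.
function makeEscaper(map) {
  const inverse = {};
  for (const [ch, ent] of Object.entries(map)) inverse[ent] = ch;

  // Quote regex metacharacters so that map keys are matched literally.
  const quote = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const charRe = new RegExp(Object.keys(map).map(quote).join('|'), 'g');
  const entRe = new RegExp(Object.keys(inverse).map(quote).join('|'), 'g');
  const str = (s) => (s == null ? '' : String(s));

  return {
    // Single pass: an '&' written by a replacement is never re-scanned,
    // so output is not double-escaped within one call.
    escape: (s) => str(s).replace(charRe, (c) => map[c]),
    // Single pass: '&amp;lt;' becomes the text '&lt;', not '<'.
    unescape: (s) => str(s).replace(entRe, (e) => inverse[e]),
  };
}

// The behaviour described in the issue.
const base = makeEscaper(BASE_ENTITIES);

// Caller-side extension with extra replacements (assumed picks).
const extended = makeEscaper({
  ...BASE_ENTITIES,
  '`': '&#x60;',
  '\u00a0': '&nbsp;',
});

// Constructed sample input.
const SAMPLE = `<b title="Tom & Jerry's">hi</b>`;
console.log(base.escape(SAMPLE));
console.log(extended.unescape('a&nbsp;b') === 'a\u00a0b');
```
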
