diff --git a/lib/web/assets/app.js b/lib/web/assets/app.js
index ac14357..d1d06ea 100644
--- a/lib/web/assets/app.js
+++ b/lib/web/assets/app.js
@@ -182,18 +182,9 @@ window.App = (function (window, document) {
 * @private
 */
 var _escape = function (text) {
- var entityMap = {
- '&': '&',
- '<': '<',
- '>': '>',
- '"': '"',
- '\'': ''',
- '/': '/'
- };
- 
- return String(text).replace(/[&<>"'\/]/g, function (s) {
- return entityMap[s];
- });
+ var div = document.createElement('div');
+ div.appendChild(document.createTextNode(text));
+ return div.innerHTML;
 };

 return {
diff --git a/package.json b/package.json
index 8b58eaf..6cd5d4e 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,7 @@
 "jscs": "^1.6.2",
 "jsdom": "^3.1.0",
 "jshint": "~2.3.0",
- "mocha": "~2.2.0",
+ "mocha": "~2.3.2",
 "should": "~3.3.2",
 "sinon": "~1.7.3",
 "supertest": "~0.8.1",
diff --git a/test/app.js b/test/app.js
index 3696927..146aece 100644
--- a/test/app.js
+++ b/test/app.js
@@ -98,6 +98,13 @@ describe('browser application', function () {
 );
 });
+ it('should escape HTML', function () {
+ io.emit('line', '');
+ 
+ var line = window.document.querySelector('.line');
+ line.innerHTML.should.equal('
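Review bot: The text-node/innerHTML approach on the added lines of `_escape` escapes only `&`, `<` and `>` (that is all HTML fragment serialization does for a text node), so the `"` and `'` that the removed entity map handled are now returned unchanged. Any caller that places `_escape()` output inside an attribute value rather than between tags therefore loses its protection; whether such a caller exists is not visible in this hunk. If element-content-only is the intended contract, say so in the JSDoc: `/** Escapes text for use as element content only; quotes are NOT escaped, so never use the result inside an attribute value. @private */`. Otherwise keep quotes covered, e.g. `return div.innerHTML.replace(/"/g, '&quot;').replace(/'/g, '&#39;');`. The enclosing `window.App` module function begins before the hunk.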

<a/>

');
+ });
+
 function initApp() {
 window.App.init({
 socket: io,
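Review bot: The new `should escape HTML` case sends only a tag-shaped payload, so it does not pin down whether `&` and the quote characters are escaped after the change to `_escape`; the emitted and expected strings also appear garbled in this view, so the exact assertion cannot be confirmed here. Add a second case that covers the other characters, for example `io.emit('line', 'a & b "c" \'d\'');` followed by `line.textContent.should.equal('a & b "c" \'d\'');` and an `innerHTML` check that `&` was serialized as `&amp;`, so the escaping contract is documented by the test rather than implied. The enclosing `describe` starts before the hunk and `initApp` continues past it.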