// "Fran & Freddie's Diner" <tasty@example.com>
// "Fran & Freddie's Diner" <tasty@example.com>
// "Fran & Freddie's Diner"32<tasty@example.com>
- // \"Fran & Freddie\'s Diner\" \x3Ctasty@example.com\x3E
- // \"Fran & Freddie\'s Diner\" \x3Ctasty@example.com\x3E
- // \"Fran & Freddie\'s Diner\"32\x3Ctasty@example.com\x3E
+ // \"Fran \x26 Freddie\'s Diner\" \x3Ctasty@example.com\x3E
+ // \"Fran \x26 Freddie\'s Diner\" \x3Ctasty@example.com\x3E
+ // \"Fran \x26 Freddie\'s Diner\"32\x3Ctasty@example.com\x3E
// %22Fran+%26+Freddie%27s+Diner%2232%3Ctasty%40example.com%3E
}
{`Yukihiro says "今日は世界"`, `Yukihiro says \"今日は世界\"`},
{"unprintable \uFDFF", `unprintable \uFDFF`},
{`<html>`, `\x3Chtml\x3E`},
+ {`no = in attributes`, `no \x3D in attributes`},
+ {`' does not become HTML entity`, `\x26#x27; does not become HTML entity`},
}
for _, tc := range testCases {
s := JSEscapeString(tc.in)
jsQuot = []byte(`\"`)
jsLt = []byte(`\x3C`)
jsGt = []byte(`\x3E`)
+ jsAmp = []byte(`\x26`)
+ jsEq = []byte(`\x3D`)
)
// JSEscape writes to w the escaped JavaScript equivalent of the plain text data b.
w.Write(jsLt)
case '>':
w.Write(jsGt)
+ case '&':
+ w.Write(jsAmp)
+ case '=':
+ w.Write(jsEq)
default:
w.Write(jsLowUni)
t, b := c>>4, c&0x0f
func jsIsSpecial(r rune) bool {
switch r {
- case '\\', '\'', '"', '<', '>':
+ case '\\', '\'', '"', '<', '>', '&', '=':
return true
}
return r < ' ' || utf8.RuneSelf <= r