diff --git a/js/lib/html.js b/js/lib/html.js
@@ -213,6 +213,20 @@ var renderNodes = function(block) {
return buffer.join('');
};
+var sub = function(s) {
+ if (s === '&') {
+ return '&';
+ } else if (s === '<') {
+ return '<';
+ } else if (s === '>') {
+ return '>';
+ } else if (s === '"') {
+ return '"';
+ } else {
+ return s;
+ }
+};
+
// The HtmlRenderer object.
function HtmlRenderer(){
@@ -225,15 +239,9 @@ function HtmlRenderer(){
// set to " " if you want to ignore line wrapping in source
escape: function(s, preserve_entities) {
if (preserve_entities) {
- return s.replace(/[&](?![#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)/gi, '&')
- .replace(/[<]/g, '<')
- .replace(/[>]/g, '>')
- .replace(/["]/g, '"');
+ return s.replace(/[&](?:[#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)|[&<>"]/gi, sub);
} else {
- return s.replace(/[&]/g, '&')
- .replace(/[<]/g, '<')
- .replace(/[>]/g, '>')
- .replace(/["]/g, '"');
+ return s.replace(/[&<>"]/g, sub);
}
},
render: renderNodes