Optimize attribute escaping

lib/bh.js

@@ -975,11 +975,11 @@ BH.prototype = {
             }
 
             if (json.cls) {
-                cls = cls ? cls + ' ' + json.cls : json.cls;
+                cls = (cls ? cls + ' ' : '') + attrEscape(json.cls);
             }
 
             var content, tag = (json.tag || 'div');
-            res = '<' + tag + (cls ? ' class="' + attrEscape(cls) + '"' : '') + (attrs ? attrs : '');
+            res = '<' + tag + (cls ? ' class="' + cls + '"' : '') + (attrs ? attrs : '');
 
             if (selfCloseHtmlTags[tag]) {
                 res += '/>';
@@ -1029,11 +1029,27 @@ var selfCloseHtmlTags = {
 var xmlEscape = BH.prototype.xmlEscape = function(str) {
     return (str + '').replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
 };
+
 var attrEscape = BH.prototype.attrEscape = function(str) {
-    return (str + '').replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+    str += '';
+    if (~str.indexOf('&')) {
+        str = str.replace(/&/g, '&amp;');
+    }
+    if (~str.indexOf('"')) {
+        str = str.replace(/"/g, '&quot;');
+    }
+    return str;
 };
+
 var jsAttrEscape = BH.prototype.jsAttrEscape = function(str) {
-    return (str + '').replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/'/g, '&#39;');
+    str += '';
+    if (~str.indexOf('&')) {
+        str = str.replace(/&/g, '&amp;');
+    }
+    if (~str.indexOf('\'')) {
+        str = str.replace(/'/g, '&#39;');
+    }
+    return str;
 };
 
 var toBemCssClasses = function(json, base, parentBase, nobase) {

test/test.escape.js

@@ -23,7 +23,7 @@ describe('bh.attrEscape()', function() {
 
     it('should escape xml attr string', function() {
         bh.match('button', function() {
-            bh.attrEscape('<b id="a">&</b>').should.equal('&lt;b id=&quot;a&quot;&gt;&amp;&lt;/b&gt;');
+            bh.attrEscape('<b id="a">&</b>').should.equal('<b id=&quot;a&quot;>&amp;</b>');
         });
         bh.apply({ block: 'button' });
     });
@@ -37,7 +37,7 @@ describe('bh.jsAttrEscape()', function() {
 
     it('should escape xml attr js string', function() {
         bh.match('button', function() {
-            bh.jsAttrEscape('<b id="a">\'&\'</b>').should.equal('&lt;b id="a"&gt;&#39;&amp;&#39;&lt;/b&gt;');
+            bh.jsAttrEscape('<b id="a">\'&\'</b>').should.equal('<b id="a">&#39;&amp;&#39;</b>');
         });
         bh.apply({ block: 'button' });
     });

test/test.toHtml.js

@@ -124,8 +124,7 @@ describe('bh.toHtml()', function() {
                 attrs: { href: '<script type="javascript">window && alert(document.cookie)</script>' },
                 content: 'link'
             }).should.equal(
-                '<a href="&lt;script type=&quot;javascript&quot;&gt;window &amp;&amp; ' +
-                'alert(document.cookie)&lt;/script&gt;">link</a>');
+                '<a href="<script type=&quot;javascript&quot;>window &amp;&amp; alert(document.cookie)</script>">link</a>');
         });
     });