Rename escapeEtago to isScriptContext and make it escape <!--

See <https://mathiasbynens.be/notes/etago#comment-8>:

> By escaping `<!--`, old browsers without an HTML5 parser behave the same as modern browsers with an HTML5 parser.

README.md

@@ -186,13 +186,13 @@ jsesc([ 'Ich ♥ Bücher': 'foo 𝌆 bar' ], {
 // → '[\'\x49\x63\x68\x20\u2665\x20\x42\xFC\x63\x68\x65\x72\',\'\x66\x6F\x6F\x20\uD834\uDF06\x20\x62\x61\x72\']'
 ```
 
-#### `escapeEtago`
+#### `isScriptContext`
 
-The `escapeEtago` option takes a boolean value (`true` or `false`), and defaults to `false` (disabled). When enabled, occurrences of [`</script` and `</style`](https://mathiasbynens.be/notes/etago) in the output are escaped as `<\/script` and `<\/style`. This setting is useful when jsesc’s output ends up as part of a `<script>` or `<style>` element in an HTML document.
+The `isScriptContext` option takes a boolean value (`true` or `false`), and defaults to `false` (disabled). When enabled, occurrences of [`</script` and `</style`](https://mathiasbynens.be/notes/etago) in the output are escaped as `<\/script` and `<\/style`, and [`<!--`](https://mathiasbynens.be/notes/etago#comment-8) is escaped as `\x3C!--` (or `\u003C!--` when the `json` option is enabled). This setting is useful when jsesc’s output ends up as part of a `<script>` or `<style>` element in an HTML document.
 
 ```js
 jsesc('foo</script>bar', {
-  'escapeEtago': true
+  'isScriptContext': true
 });
 // → 'foo<\\/script>bar'
 ```

jsesc.js

@@ -82,7 +82,7 @@ const jsesc = function(argument, options) {
 	// Handle options
 	const defaults = {
 		'escapeEverything': false,
-		'escapeEtago': false,
+		'isScriptContext': false,
 		'quotes': 'single',
 		'wrap': false,
 		'es6': false,
@@ -294,13 +294,15 @@ const jsesc = function(argument, options) {
 	if (options.wrap) {
 		result = quote + result + quote;
 	}
-	if (options.escapeEtago) {
+	if (options.isScriptContext) {
 		// https://mathiasbynens.be/notes/etago
-		return result.replace(/<\/(script|style)/gi, '<\\/$1');
+		return result
+			.replace(/<\/(script|style)/gi, '<\\/$1')
+			.replace(/<!--/g, json ? '\\u003C!--' : '\\x3C!--');
 	}
 	return result;
 };
 
-jsesc.version = '2.1.0';
+jsesc.version = '2.2.0';
 
 module.exports = jsesc;

src/jsesc.js

@@ -82,7 +82,7 @@ const jsesc = function(argument, options) {
 	// Handle options
 	const defaults = {
 		'escapeEverything': false,
-		'escapeEtago': false,
+		'isScriptContext': false,
 		'quotes': 'single',
 		'wrap': false,
 		'es6': false,
@@ -294,9 +294,11 @@ const jsesc = function(argument, options) {
 	if (options.wrap) {
 		result = quote + result + quote;
 	}
-	if (options.escapeEtago) {
+	if (options.isScriptContext) {
 		// https://mathiasbynens.be/notes/etago
-		return result.replace(/<\/(script|style)/gi, '<\\/$1');
+		return result
+			.replace(/<\/(script|style)/gi, '<\\/$1')
+			.replace(/<!--/g, json ? '\\u003C!--' : '\\x3C!--');
 	}
 	return result;
 };

tests/tests.js

@@ -66,17 +66,32 @@ describe('common usage', function() {
 		);
 		assert.equal(
 			jsesc('foo</script>bar</style>baz</script>qux', {
-				'escapeEtago': true
+				'isScriptContext': true
 			}),
 			'foo<\\/script>bar<\\/style>baz<\\/script>qux',
-			'escapeEtago'
+			'isScriptContext'
 		);
 		assert.equal(
 			jsesc('foo</sCrIpT>bar</STYLE>baz</SCRIPT>qux', {
-				'escapeEtago': true
+				'isScriptContext': true
 			}),
 			'foo<\\/sCrIpT>bar<\\/STYLE>baz<\\/SCRIPT>qux',
-			'escapeEtago'
+			'isScriptContext'
+		);
+		assert.equal(
+			jsesc('"<!--<script></script>";alert(1);', {
+				'isScriptContext': true
+			}),
+			'"\\x3C!--<script><\\/script>";alert(1);',
+			'isScriptContext'
+		);
+		assert.equal(
+			jsesc('"<!--<script></script>";alert(1);', {
+				'isScriptContext': true,
+				'json': true
+			}),
+			'"\\"\\u003C!--<script><\\/script>\\";alert(1);"',
+			'isScriptContext'
 		);
 		assert.equal(
 			jsesc([0x42, 0x1337], {