This repository has been archived by the owner on Jul 9, 2024. It is now read-only.

fix: html encode backslashes if used with escape filter or autoescape (
…mozilla/nunjucks#1437)

Backslashes should be html encoded when present in expressions that are
passed to the escape filter (including when this happens automatically
with autoescape)

---

Ported from mozilla/nunjucks@ec16d21

Co-Authored-By: Frankie Dintino <fdintino@gmail.com>
valtlai and fdintino committed Apr 13, 2023
1 parent 80c93bf commit 0342af4
Showing 2 changed files with 8 additions and 1 deletion.
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,11 @@
# Changelog

## [3.2.4] (unreleased)
- Ported the upstream version v3.2.4
- HTML encode backslashes when expressions are passed through the escape
filter (including when this is done automatically with autoescape). Merge
of [#1427](https://github.com/mozilla/nunjucks/pull/1427).

## [3.2.3-2] (2022-11-03)
- Removed unsupported options from type declarations

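Review bot: The PR reference in the new `- HTML encode backslashes` bullet is `#1427`, but the commit subject references mozilla/nunjucks#1437; the two disagree, so confirm which pull request was ported and make the changelog match. The link target in the same bullet uses the host `github.com` rather than `github.com`, so check that the URL resolves before release. Because this changes what the escape filter and autoescape emit, consider saying in the entry that it is an output-escaping fix so that users can judge how urgently to upgrade.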
3 changes: 2 additions & 1 deletion src/lib.js
Expand Up @@ -7,9 +7,10 @@ const escapeMap = {
"'": "&#39;",
"<": "&lt;",
">": "&gt;",
"\\": "&#92;",
};

const escapeRegex = /[&"'<>]/g;
const escapeRegex = /[&"'<>\\]/g;

export function hasOwnProp(obj, k) {
return ObjProto.hasOwnProperty.call(obj, k);
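Review bot: The `"\\": "&#92;"` entry added to `escapeMap` and the `\\` added to the `escapeRegex` character class arrive without a test; the commit touches only CHANGELOG.md and src/lib.js. Add a case asserting that a value containing a backslash renders as `&#92;` through the escape filter, and a second one through autoescape, so a later edit to either constant cannot silently revert the behaviour. The map and the character class also have to be kept in sync by hand, as this change shows; building `escapeRegex` from the keys of `escapeMap`, or at least adding a comment next to both that they must change together, would remove that risk.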