The developer(s) of html-escaper state(s), that:
do not ever replace one char after another if you are transforming a string into another.
That is what I do:
function escape(string) {
return string
.replace(/&/g, "&")
.replace(/"/g, """)
.replace(/'/g, "'")
.replace(/</g, "<")
.replace(/>/g, ">");
}
But I can't see any problem with this, because I escape the HTML and don't unescape it. Does someone see a flaw in this?
The developer(s) of html-escaper state(s), that:
That is what I do:
But I can't see any problem with this, because I escape the HTML and don't unescape it. Does someone see a flaw in this?