Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1177)

Unified Diff: src/string.js

Issue 10693101: Only escape U+0022 in argument values of HTML extensions to String.prototype (Closed) Base URL: git://github.com/v8/v8.git@master
Patch Set: Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/string.js
diff --git a/src/string.js b/src/string.js
index 6115930b6c8ff69568f425b8b996a821bc93cb87..eaeb198dce85366d5e3759ec4a649fe586f85991 100644
--- a/src/string.js
+++ b/src/string.js
@@ -825,10 +825,7 @@ function StringFromCharCode(code) {
// Helper function for very basic XSS protection.
function HtmlEscape(str) {
- return TO_STRING_INLINE(str).replace(/</g, "&lt;")
- .replace(/>/g, "&gt;")
- .replace(/"/g, "&quot;")
- .replace(/'/g, "&#039;");
+ return TO_STRING_INLINE(str).replace(/"/g, "&quot;");
}
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698