[Pkg-javascript-commits] [node-jsesc] 03/05: New upstream version 2.3.0

Mon Dec 12 10:00:11 UTC 2016

This is an automated email from the git hooks/post-receive script.

jpuydt-guest pushed a commit to branch master
in repository node-jsesc.

commit ed1c38a4e57ac53bc2949e09d30ff456d637a287
Author: Julien Puydt <julien.puydt at laposte.net>
Date:   Mon Dec 12 10:57:14 2016 +0100

    New upstream version 2.3.0
---
 README.md      |  6 +++---
 jsesc.js       | 10 ++++++----
 package.json   |  2 +-
 src/jsesc.js   |  8 +++++---
 tests/tests.js | 23 +++++++++++++++++++----
 5 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index d86c8fa..0424f18 100644
--- a/README.md
+++ b/README.md
@@ -186,13 +186,13 @@ jsesc([ 'Ich ♥ Bücher': 'foo 𝌆 bar' ], {
 // → '[\'\x49\x63\x68\x20\u2665\x20\x42\xFC\x63\x68\x65\x72\',\'\x66\x6F\x6F\x20\uD834\uDF06\x20\x62\x61\x72\']'
 ```
 
-#### `escapeEtago`
+#### `isScriptContext`
 
-The `escapeEtago` option takes a boolean value (`true` or `false`), and defaults to `false` (disabled). When enabled, occurrences of [`</script` and `</style`](https://mathiasbynens.be/notes/etago) in the output are escaped as `<\/script` and `<\/style`. This setting is useful when jsesc’s output ends up as part of a `<script>` or `<style>` element in an HTML document.
+The `isScriptContext` option takes a boolean value (`true` or `false`), and defaults to `false` (disabled). When enabled, occurrences of [`</script` and `</style`](https://mathiasbynens.be/notes/etago) in the output are escaped as `<\/script` and `<\/style`, and [`<!--`](https://mathiasbynens.be/notes/etago#comment-8) is escaped as `\x3C!--` (or `\u003C!--` when the `json` option is enabled). This setting is useful when jsesc’s output ends up as part of a `<script>` or `<style>` element  [...]
 
 ```js
 jsesc('foo</script>bar', {
-  'escapeEtago': true
+  'isScriptContext': true
 });
 // → 'foo<\\/script>bar'
 ```
diff --git a/jsesc.js b/jsesc.js
index 0280ef5..2e95b4c 100644
--- a/jsesc.js
+++ b/jsesc.js
@@ -82,7 +82,7 @@ const jsesc = function(argument, options) {
 	// Handle options
 	const defaults = {
 		'escapeEverything': false,
-		'escapeEtago': false,
+		'isScriptContext': false,
 		'quotes': 'single',
 		'wrap': false,
 		'es6': false,
@@ -294,13 +294,15 @@ const jsesc = function(argument, options) {
 	if (options.wrap) {
 		result = quote + result + quote;
 	}
-	if (options.escapeEtago) {
+	if (options.isScriptContext) {
 		// https://mathiasbynens.be/notes/etago
-		return result.replace(/<\/(script|style)/gi, '<\\/$1');
+		return result
+			.replace(/<\/(script|style)/gi, '<\\/$1')
+			.replace(/<!--/g, json ? '\\u003C!--' : '\\x3C!--');
 	}
 	return result;
 };
 
-jsesc.version = '2.1.0';
+jsesc.version = '2.3.0';
 
 module.exports = jsesc;
diff --git a/package.json b/package.json
index 994d11e..4a2a3d8 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jsesc",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.",
   "homepage": "https://mths.be/jsesc",
   "engines": {
diff --git a/src/jsesc.js b/src/jsesc.js
index fc0d22d..cf642dd 100644
--- a/src/jsesc.js
+++ b/src/jsesc.js
@@ -82,7 +82,7 @@ const jsesc = function(argument, options) {
 	// Handle options
 	const defaults = {
 		'escapeEverything': false,
-		'escapeEtago': false,
+		'isScriptContext': false,
 		'quotes': 'single',
 		'wrap': false,
 		'es6': false,
@@ -294,9 +294,11 @@ const jsesc = function(argument, options) {
 	if (options.wrap) {
 		result = quote + result + quote;
 	}
-	if (options.escapeEtago) {
+	if (options.isScriptContext) {
 		// https://mathiasbynens.be/notes/etago
-		return result.replace(/<\/(script|style)/gi, '<\\/$1');
+		return result
+			.replace(/<\/(script|style)/gi, '<\\/$1')
+			.replace(/<!--/g, json ? '\\u003C!--' : '\\x3C!--');
 	}
 	return result;
 };
diff --git a/tests/tests.js b/tests/tests.js
index c0641ae..9517877 100644
--- a/tests/tests.js
+++ b/tests/tests.js
@@ -66,17 +66,32 @@ describe('common usage', function() {
 		);
 		assert.equal(
 			jsesc('foo</script>bar</style>baz</script>qux', {
-				'escapeEtago': true
+				'isScriptContext': true
 			}),
 			'foo<\\/script>bar<\\/style>baz<\\/script>qux',
-			'escapeEtago'
+			'isScriptContext'
 		);
 		assert.equal(
 			jsesc('foo</sCrIpT>bar</STYLE>baz</SCRIPT>qux', {
-				'escapeEtago': true
+				'isScriptContext': true
 			}),
 			'foo<\\/sCrIpT>bar<\\/STYLE>baz<\\/SCRIPT>qux',
-			'escapeEtago'
+			'isScriptContext'
+		);
+		assert.equal(
+			jsesc('"<!--<script></script>";alert(1);', {
+				'isScriptContext': true
+			}),
+			'"\\x3C!--<script><\\/script>";alert(1);',
+			'isScriptContext'
+		);
+		assert.equal(
+			jsesc('"<!--<script></script>";alert(1);', {
+				'isScriptContext': true,
+				'json': true
+			}),
+			'"\\"\\u003C!--<script><\\/script>\\";alert(1);"',
+			'isScriptContext'
 		);
 		assert.equal(
 			jsesc([0x42, 0x1337], {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-jsesc.git

