From: yangguo@chromium.org <yangguo@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Thu, 7 Aug 2014 07:45:33 +0000 (+0000)
Subject: Only escape U+0022 in argument values of `String.prototype` HTML methods
X-Git-Tag: upstream/4.7.83~7756
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2ec32f346d9c7d1e3ce32e67b03ed61a53e927ac;p=platform%2Fupstream%2Fv8.git

Only escape U+0022 in argument values of `String.prototype` HTML methods

Contributed by Mathias Bynens <mathiasb@opera.com>.

TEST=mjsunit/es6/string-html
BUG=v8:2217
LOG=Y
R=arv@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/446973004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22955 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---

diff --git a/src/string.js b/src/string.js
index 5cd1c0c..ae65264 100644
--- a/src/string.js
+++ b/src/string.js
@@ -829,10 +829,7 @@ function StringFromCharCode(code) {
 
 // ES6 draft, revision 26 (2014-07-18), section B.2.3.2.1
 function HtmlEscape(str) {
-  return TO_STRING_INLINE(str).replace(/</g, "&lt;")
-                              .replace(/>/g, "&gt;")
-                              .replace(/"/g, "&quot;")
-                              .replace(/'/g, "&#039;");
+  return TO_STRING_INLINE(str).replace(/"/g, "&quot;");
 }
 
 
diff --git a/test/mjsunit/es6/string-html.js b/test/mjsunit/es6/string-html.js
index b109c1d..4f3feb5 100644
--- a/test/mjsunit/es6/string-html.js
+++ b/test/mjsunit/es6/string-html.js
@@ -6,7 +6,7 @@
 // http://mathias.html5.org/tests/javascript/string/
 
 assertEquals('_'.anchor('b'), '<a name="b">_</a>');
-//assertEquals('<'.anchor('<'), '<a name="<"><</a>'); // #2217
+assertEquals('<'.anchor('<'), '<a name="<"><</a>');
 assertEquals('_'.anchor(0x2A), '<a name="42">_</a>');
 assertEquals('_'.anchor('\x22'), '<a name="&quot;">_</a>');
 assertEquals(String.prototype.anchor.call(0x2A, 0x2A), '<a name="42">42</a>');
@@ -63,7 +63,7 @@ assertThrows(function() {
 assertEquals(String.prototype.fixed.length, 0);
 
 assertEquals('_'.fontcolor('b'), '<font color="b">_</font>');
-//assertEquals('<'.fontcolor('<'), '<font color="<"><</font>'); // #2217
+assertEquals('<'.fontcolor('<'), '<font color="<"><</font>');
 assertEquals('_'.fontcolor(0x2A), '<font color="42">_</font>');
 assertEquals('_'.fontcolor('\x22'), '<font color="&quot;">_</font>');
 assertEquals(String.prototype.fontcolor.call(0x2A, 0x2A),
@@ -77,7 +77,7 @@ assertThrows(function() {
 assertEquals(String.prototype.fontcolor.length, 1);
 
 assertEquals('_'.fontsize('b'), '<font size="b">_</font>');
-//assertEquals('<'.fontsize('<'), '<font size="<"><</font>'); // #2217
+assertEquals('<'.fontsize('<'), '<font size="<"><</font>');
 assertEquals('_'.fontsize(0x2A), '<font size="42">_</font>');
 assertEquals('_'.fontsize('\x22'), '<font size="&quot;">_</font>');
 assertEquals(String.prototype.fontsize.call(0x2A, 0x2A),
@@ -102,7 +102,7 @@ assertThrows(function() {
 assertEquals(String.prototype.italics.length, 0);
 
 assertEquals('_'.link('b'), '<a href="b">_</a>');
-//assertEquals('<'.link('<'), '<a href="<"><</a>'); // #2217
+assertEquals('<'.link('<'), '<a href="<"><</a>');
 assertEquals('_'.link(0x2A), '<a href="42">_</a>');
 assertEquals('_'.link('\x22'), '<a href="&quot;">_</a>');
 assertEquals(String.prototype.link.call(0x2A, 0x2A), '<a href="42">42</a>');