Comment #14 on issue 2217 by [email protected]: HTML extensions to String.prototype shouldn’t escape ', < and > in argument values; only "
http://code.google.com/p/v8/issues/detail?id=2217
Why not make it idiot-proof by changing the others?
It takes much more than just escaping ', < and > to make these methods fully idiot-proof even after post-processing like you described. For one, & should be escaped into &, but that’s a change that simply cannot be made without breaking existing scripts that already do the right thing and escape & into & before passing it to one of the String.prototype HTML extensions.
-- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
