case '&':
esc = "&"
case '\'':
- esc = "'"
+ // "'" is shorter than "'" and apos was not in HTML until HTML5.
+ esc = "'"
case '<':
esc = "<"
case '>':
esc = ">"
case '"':
- esc = """
+ // """ is shorter than """.
+ esc = """
default:
panic("unrecognized escape character")
}
}
// EscapeString escapes special characters like "<" to become "<". It
-// escapes only five such characters: amp, apos, lt, gt and quot.
+// escapes only five such characters: <, >, &, ' and ".
// UnescapeString(EscapeString(s)) == s always holds, but the converse isn't
// always true.
func EscapeString(s string) string {
},
},
}
- want := `<html><head></head><body>0<1<p id="A" foo="abc"def">` +
+ want := `<html><head></head><body>0<1<p id="A" foo="abc"def">` +
`2<b empty="">3</b><i backslash="\">&4</i></p>` +
`5<blockquote></blockquote><br/>6</body></html>`
b := new(bytes.Buffer)
{
"tricky",
"<p \t\n iD=\"a"B\" foo=\"bar\"><EM>te<&;xt</em></p>",
- `<p id="a"B" foo="bar">$<em>$te<&;xt$</em>$</p>`,
+ `<p id="a"B" foo="bar">$<em>$te<&;xt$</em>$</p>`,
},
// A nonexistent entity. Tokenizing and converting back to a string should
// escape the "&" to become "&".
{
"Double-quoted attribute value",
`<input value="I'm an attribute" FOO="BAR">`,
- `<input value="I'm an attribute" foo="BAR">`,
+ `<input value="I'm an attribute" foo="BAR">`,
},
{
"Attribute name characters",
{
"Attributes with a solitary single quote",
`<p id=can't><p id=won't>`,
- `<p id="can't">$<p id="won't">`,
+ `<p id="can't">$<p id="won't">`,
},
}
`"<&>"`,
`"<&>"`,
`3&5==1 && 0<1, "0<1", a+acute=á`,
+ `The special characters are: <, >, &, ' and "`,
}
for _, s := range ss {
- if s != UnescapeString(EscapeString(s)) {
- t.Errorf("s != UnescapeString(EscapeString(s)), s=%q", s)
+ if got := UnescapeString(EscapeString(s)); got != s {
+ t.Errorf("got %q want %q", got, s)
}
}
}
case '&':
esc = "&"
case '\'':
- esc = "'"
+ // "'" is shorter than "'" and apos was not in HTML until HTML5.
+ esc = "'"
case '<':
esc = "<"
case '>':
esc = ">"
case '"':
- esc = """
+ // """ is shorter than """.
+ esc = """
default:
panic("unrecognized escape character")
}
}
// EscapeString escapes special characters like "<" to become "<". It
-// escapes only five such characters: amp, apos, lt, gt and quot.
+// escapes only five such characters: <, >, &, ' and ".
// UnescapeString(EscapeString(s)) == s always holds, but the converse isn't
// always true.
func EscapeString(s string) string {
"&", "&",
"<", "<",
">", ">",
- `"`, """,
- "'", "'",
+ // """ is shorter than """.
+ `"`, """,
+ // "'" is shorter than "'" and apos was not in HTML until HTML5.
+ "'", "'",
)
func htmlEscape(s string) string {
var (
htmlQuot = []byte(""") // shorter than """
- htmlApos = []byte("'") // shorter than "'"
+ htmlApos = []byte("'") // shorter than "'" and apos was not in HTML until HTML5
htmlAmp = []byte("&")
htmlLt = []byte("<")
htmlGt = []byte(">")