
Why does _.escape modify / characters in Underscore.js?

I was looking through the Underscore.js API and I noticed that _.escape escapes &, <, >, ", ', and / characters. What surprised me was escaping /.

Is there a reason to escape / characters that I don't know about?

zzzzBov asked Nov 28 '11 15:11


1 Answer

EDIT: Alright, apparently, it is recommended by OWASP as it "helps end a HTML entity".

Escape the following characters with HTML entity encoding to prevent switching into any execution context, such as script, style, or event handlers. Using hex entities is recommended in the spec. In addition to the 5 characters significant in XML (&, <, >, ", '), the forward slash is included as it helps to end an HTML entity.

& --> &amp;
< --> &lt;
> --> &gt;
" --> &quot;
' --> &#x27;     &apos; is not recommended
/ --> &#x2F;     forward slash is included as it helps end an HTML entity
Chetan S answered Oct 29 '22 19:10
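
The six-character mapping quoted in the answer above, as an added JavaScript example that is not part of the original post and is not Underscore's own source. The names `escapeHtml`, `escapeHtmlSequentialBuggy` and `unescapeHtml` are hypothetical; the sample string is constructed. It also shows why the replacement has to happen in a single pass: handling `&` after the other characters re-encodes the entities just produced.

```javascript
// Mapping taken from the table quoted in the answer.
const ENTITY_MAP = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Single pass: each source character is visited exactly once, so the '&'
// that starts an entity we just emitted is never encoded a second time.
function escapeHtml(input) {
  return String(input).replace(/[&<>"'\/]/g, (ch) => ENTITY_MAP[ch]);
}

// Flawed variant kept for comparison: sequential replaces with '&' last
// turn '<' into '&amp;lt;', which renders as the literal text "&lt;".
function escapeHtmlSequentialBuggy(input) {
  let out = String(input);
  for (const ch of ['<', '>', '"', "'", '/', '&']) {
    out = out.split(ch).join(ENTITY_MAP[ch]);
  }
  return out;
}

// Inverse mapping, used to check that escaping loses no information.
const REVERSE_MAP = Object.fromEntries(
  Object.entries(ENTITY_MAP).map(([ch, entity]) => [entity, ch])
);

function unescapeHtml(input) {
  return String(input).replace(
    /&(?:amp|lt|gt|quot|#x27|#x2F);/g,
    (entity) => REVERSE_MAP[entity]
  );
}

// Constructed sample: untrusted text containing all six characters.
const sample = `Tom & "Jerry's" </b> <i>`;

console.log(escapeHtml(sample));
console.log(escapeHtmlSequentialBuggy('<'));
console.log(unescapeHtml(escapeHtml(sample)) === sample);
```

Escaping is not idempotent: running `escapeHtml` on already-escaped text encodes the ampersands again, so escape once, at the point of output into HTML.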