From 6277656d69640da9166bbac2a132a3ddee61dcac Mon Sep 17 00:00:00 2001
From: Nigel Tao <nigeltao@golang.org>
Date: Thu, 12 Apr 2012 09:35:43 +1000
Subject: html, exp/html: escape ' and " as &#39; and &#34;, since IE8 and
 below do not support &apos;.

This makes package html consistent with package text/template's
HTMLEscape function.

Fixes #3489.

R=rsc, mikesamuel, dsymonds
CC=golang-dev
https://golang.org/cl/5992071
---
 src/pkg/html/escape.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'src/pkg/html')

diff --git a/src/pkg/html/escape.go b/src/pkg/html/escape.go
index fee771a578..24cb7af852 100644
--- a/src/pkg/html/escape.go
+++ b/src/pkg/html/escape.go
@@ -210,13 +210,15 @@ func escape(w writer, s string) error {
 		case '&':
 			esc = "&amp;"
 		case '\'':
-			esc = "&apos;"
+			// "&#39;" is shorter than "&apos;" and apos was not in HTML until HTML5.
+			esc = "&#39;"
 		case '<':
 			esc = "&lt;"
 		case '>':
 			esc = "&gt;"
 		case '"':
-			esc = "&quot;"
+			// "&#34;" is shorter than "&quot;".
+			esc = "&#34;"
 		default:
 			panic("unrecognized escape character")
 		}
@@ -231,7 +233,7 @@ func escape(w writer, s string) error {
 }
 
 // EscapeString escapes special characters like "<" to become "&lt;". It
-// escapes only five such characters: amp, apos, lt, gt and quot.
+// escapes only five such characters: <, >, &, ' and ".
 // UnescapeString(EscapeString(s)) == s always holds, but the converse isn't
 // always true.
 func EscapeString(s string) string {
-- 
cgit v1.3