Escape backslash, closes #516

chriso · chriso · commit 534a35ef8c3b · 2016-09-27T12:46:35.000+10:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 - Renamed `isNull()` to `isEmpty()`
   ([#574](https://github.com/chriso/validator.js/issues/574))
+- Backslash is now escaped in `escape()`
+  ([#516](https://github.com/chriso/validator.js/issues/516))
 - Improved `normalizeEmail()`
   ([#583](https://github.com/chriso/validator.js/pull/583))
 
diff --git a/lib/escape.js b/lib/escape.js
@@ -13,6 +13,6 @@ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { de
 
 function escape(str) {
       (0, _assertString2.default)(str);
-      return str.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/\//g, '&#x2F;').replace(/`/g, '&#96;');
+      return str.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/\//g, '&#x2F;').replace(/\\/g, '&#x5C;').replace(/`/g, '&#96;');
 }
 module.exports = exports['default'];
diff --git a/src/lib/escape.js b/src/lib/escape.js
@@ -8,5 +8,6 @@ export default function escape(str) {
         .replace(/</g, '&lt;')
         .replace(/>/g, '&gt;')
         .replace(/\//g, '&#x2F;')
+        .replace(/\\/g, '&#x5C;')
         .replace(/`/g, '&#96;'));
 }
diff --git a/test/sanitizers.js b/test/sanitizers.js
@@ -139,6 +139,9 @@ describe('Sanitizers', function () {
 
         'Backtick: `':
             'Backtick: &#96;',
+
+        'Backslash: \\':
+            'Backslash: &#x5C;',
       },
     });
   });
diff --git a/validator.js b/validator.js
@@ -1077,7 +1077,7 @@
 
       function escape(str) {
             assertString(str);
-            return str.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/\//g, '&#x2F;').replace(/`/g, '&#96;');
+            return str.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/\//g, '&#x2F;').replace(/\\/g, '&#x5C;').replace(/`/g, '&#96;');
       }
 
       function unescape(str) {
diff --git a/validator.min.js b/validator.min.js

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,6 @@ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { de`
`13`	`13`
`14`	`14`	`function escape(str) {`
`15`	`15`	`(0, _assertString2.default)(str);`
`16`		- return str.replace(/&/g, '&').replace(/"/g, '"').replace(/'/g, ''').replace(/</g, '<').replace(/>/g, '>').replace(/\//g, '/').replace(/`/g, '`');
	`16`	+ return str.replace(/&/g, '&').replace(/"/g, '"').replace(/'/g, ''').replace(/</g, '<').replace(/>/g, '>').replace(/\//g, '/').replace(/\\/g, '\').replace(/`/g, '`');
`17`	`17`	`}`
`18`	`18`	`module.exports = exports['default'];`
Original file line number	Diff line number	Diff line change
`@@ -8,5 +8,6 @@ export default function escape(str) {`
`8`	`8`	`.replace(/</g, '<')`
`9`	`9`	`.replace(/>/g, '>')`
`10`	`10`	`.replace(/\//g, '/')`
	`11`	`+ .replace(/\\/g, '\')`
`11`	`12`	.replace(/`/g, '`'));
`12`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1077,7 +1077,7 @@`
`1077`	`1077`
`1078`	`1078`	`function escape(str) {`
`1079`	`1079`	`assertString(str);`
`1080`		- return str.replace(/&/g, '&').replace(/"/g, '"').replace(/'/g, ''').replace(/</g, '<').replace(/>/g, '>').replace(/\//g, '/').replace(/`/g, '`');
	`1080`	+ return str.replace(/&/g, '&').replace(/"/g, '"').replace(/'/g, ''').replace(/</g, '<').replace(/>/g, '>').replace(/\//g, '/').replace(/\\/g, '\').replace(/`/g, '`');
`1081`	`1081`	`}`
`1082`	`1082`
`1083`	`1083`	`function unescape(str) {`