use escape-html for escaping

Author: dougwilson

History.md

@@ -1,3 +1,8 @@
+unreleased
+==========
+
+  * use `escape-html` for escaping
+
 1.2.0 / 2014-05-29
 ==================
 

index.js

@@ -10,6 +10,7 @@
  * Module dependencies.
  */
 
+var escapeHtml = require('escape-html');
 var parseurl = require('parseurl');
 var resolve = require('path').resolve;
 var send = require('send');
@@ -79,7 +80,7 @@ exports = module.exports = function(root, options){
       target = url.format(originalUrl);
       res.statusCode = 303;
       res.setHeader('Location', target);
-      res.end('Redirecting to ' + escape(target));
+      res.end('Redirecting to ' + escapeHtml(target));
     }
 
     function error(err) {
@@ -103,22 +104,6 @@ exports = module.exports = function(root, options){
 
 exports.mime = send.mime;
 
-/**
- * Escape the given string of `html`.
- *
- * @param {String} html
- * @return {String}
- * @api private
- */
-
-function escape(html) {
-  return String(html)
-    .replace(/&(?!\w+;)/g, '&')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;')
-    .replace(/"/g, '&quot;');
-};
-
 /**
  * Shallow clone a single object.
  *

package.json

@@ -12,6 +12,7 @@
     "url": "https://github.com/expressjs/serve-static/issues"
   },
   "dependencies": {
+    "escape-html": "1.0.1",
     "parseurl": "1.0.1",
     "send": "0.4.0"
   },