}
/**
-* Sanitizes a HTML string
-* @param s string
-* @return Sanitized string
+* Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities
+* @param {string} s String to sanitize
+* @return {string} Sanitized string
*/
function escapeHTML(s) {
- return s.toString().split('&').join('&').split('<').join('<').split('"').join('"');
+ return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join(''');
}
/**