Merge pull request #110 from bem/feature/tokenize-and-escaping

Improve tokenization and add escaping of HTML attributes values

Author: eGavr

lib/index.js

@@ -11,7 +11,7 @@ var _ = require('lodash'),
 HtmlDiff.prototype.tokenize = function (html) {
     html = modifyHtmlAccordingToOptions(html, this.options);
 
-    return _.filter(html.split(/(\s+|\b)/));
+    return _.filter(html.split(/([{}:;,<>"'\[\]]|\s+)/));
 };
 
 /**

lib/utils/serialize.js

@@ -37,7 +37,7 @@ module.exports = {
         var res = '<' + tagName;
 
         attrs.forEach(function (attr) {
-            res += ' ' + attr.name + '="' + attr.value + '"';
+            res += ' ' + attr.name + '="' + escape(attr.value) + '"';
         });
 
         selfClosing && (res += '/');
@@ -63,3 +63,11 @@ module.exports = {
         return '<!--' + text + '-->';
     }
 };
+
+function escape(str) {
+    return String(str)
+        .replace(/&/g, '&amp;')
+        .replace(/"/g, '&quot;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+}