Why html escape /?

Question

I was looking at this answer (copied below)

What I didn't understand is why is / escaped?

There is also the solution from mustache.js

https://github.com/janl/mustache.js/blob/master/mustache.js#L82

 var entityMap = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': '&quot;',
    "'": '&#39;',
    "/": '&#x2F;'
  };

  function escapeHtml(string) {
    return String(string).replace(/[&<>"'\/]/g, function (s) {
      return entityMap[s];
    });
  }

@NickFury The HTML isn't being put *in* the regex, so I don't see why that would be the case. — Waleed Khan, Mar 12 '13 at 12:31
https://github.com/janl/mustache.js/pull/199 (OWASP, in turn, has some nonsense about how it "helps to end an HTML entity".) As always, the answer to your "why" question is "because it seemed like a good idea to someone when they wrote the code". — Wooble, Mar 12 '13 at 12:43
@Alohci: it certainly took you longer to type that comment and wait for a response than it would have taken to Google it. — Wooble, Mar 12 '13 at 13:24

score -1 · Answer 1 · answered Mar 12 '13 at 13:02

-1

There is no need at all to escape the / in HTML.

answered Mar 12 '13 at 13:02

Allie

824
1
9
14

-1; doesn't answer OP's question, which is why at least 2 sources do recommend it. – Wooble Mar 12 '13 at 13:25

Why html escape /?

1 Answers1