estools
Generating browser-safe code?
I had a look at using escodegen within a Node app to safely inject configuration globals into HTML5 apps. It looked pretty promising, but one of my test cases fails: configuration values containing strings with </script> in them cause the browser to stop parsing the config object at that point:
<script>window.appConfig = {"test": "</script>"};</script>
The browser closes the script element at the first </script>, not the second, leaving the rest of the generated script as dangling crud in the page and rendering the script invalid.
Standard practice when writing JS that may contain that string is to escape the / character in the string literal: "<\/script>" or "</" + "script">" (I vastly prefer the former, for obvious reasons). Would it be possible to add something to escodegen's option table to serialize / in string literals as \/ escape sequences?
