function badEncode(s) { return s.replace(/"/g, """) .replace(/'/g, "'") .replace(/&/g, "&"); } function goodEncode(s) { return s.replace(/&/g, "&") .replace(/"/g, """) .replace(/'/g, "'"); } function goodDecode(s) { return s.replace(/"/g, "\"") .replace(/'/g, "'") .replace(/&/g, "&"); } function badDecode(s) { return s.replace(/&/g, "&") .replace(/"/g, "\"") .replace(/'/g, "'"); } function cleverEncode(code) { return code.replace(//g, '>').replace(/&(?![\w\#]+;)/g, '&'); } function badDecode2(s) { return s.replace(/&/g, "&") .replace(/s?ome|thin*g/g, "else") .replace(/'/g, "'"); } function goodDecodeInLoop(ss) { var res = []; for (var s of ss) { s = s.replace(/"/g, "\"") .replace(/'/g, "'") .replace(/&/g, "&"); res.push(s); } return res; } function badDecode3(s) { s = s.replace(/&/g, "&"); s = s.replace(/"/g, "\""); return s.replace(/'/g, "'"); } function badUnescape(s) { return s.replace(/\\\\/g, '\\') .replace(/\\'/g, '\'') .replace(/\\"/g, '\"'); } function badPercentEscape(s) { s = s.replace(/&/g, '%26'); s = s.replace(/%/g, '%25'); return s; } function badEncode(s) { var indirect1 = /"/g; var indirect2 = /'/g; var indirect3 = /&/g; return s.replace(indirect1, """) .replace(indirect2, "'") .replace(indirect3, "&"); } function badEncodeWithReplacer(s) { var repl = { '"': """, "'": "'", "&": "&" }; return s.replace(/["']/g, (c) => repl[c]).replace(/&/g, "&"); } // dubious, but out of scope for this query function badRoundtrip(s) { return s.replace(/\\\\/g, "\\").replace(/\\/g, "\\\\"); } function testWithCapturedVar(x) { var captured = x; (function() { captured = captured.replace(/\\/g, "\\\\"); })(); } function encodeDecodeEncode(s) { return goodEncode(goodDecode(goodEncode(s))); }