From d907ae8841a08125e409c6457244bb8d2f7980a2 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Tue, 19 Jun 2007 22:46:55 +0000
Subject: [PATCH] js_escape improvements from Alexander Concha. Catches &#39
 &#039 &#39; &#039; &#x27; &#X000027; &#x000027 etc.

git-svn-id: https://develop.svn.wordpress.org/trunk@5734 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/formatting.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index adf95cfb9b..874e48d5bd 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1105,7 +1105,7 @@ function htmlentities2($myHTML) {
 // Escape single quotes, specialchar double quotes, and fix line endings.
 function js_escape($text) {
 	$safe_text = wp_specialchars($text, 'double');
-	$safe_text = str_replace('&#039;', "'", $safe_text);
+	$safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text));
 	$safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
 	return apply_filters('js_escape', $safe_text, $text);
 }