updated the comment for inUnQuotedAttr

YahooArchive · Mar 13, 2015 · c3a8bf8 · c3a8bf8
1 parent 67b2a0c
commit c3a8bf8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/xss-filters.js b/src/xss-filters.js
@@ -392,7 +392,7 @@ exports.inDoubleQuotedAttr = privFilters.yavd;
 * @function module:xss-filters#inUnQuotedAttr
 *
 * @param {string} s - An untrusted user input
-* @returns {string} The string s with any tab, LF, FF, space, and '>' encoded.
+* @returns {string} The string s with any tab, LF, FF, space, and '>' encoded. If the first char is either ' " or `, it is also encoded. If an empty string is encountered, return a NULL character '\u0000'.
 *
 * @description
 * <p class="warning">Warning: This is NOT designed for any onX (e.g., onclick) attributes!</p>