
Provides utility methods for escaping strings.

/**
 * Html special characters
 *
 * @type {Object}
 */
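/**
 * Map of HTML special characters to the entity each one is replaced with.
 *
 * `&` must map to `&amp;` (the listing this was reviewed from mapped it to
 * a bare `&`). If the ampersand passes through unchanged, attacker-supplied
 * entities survive escaping and are decoded by the HTML parser: `&lt;` in
 * user text renders as `<`, and in an attribute such as `href`,
 * `javascript&#58;alert(1)` is read back as a `javascript:` URL.
 *
 * @type {Object}
 */
var HTML_CHARS = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
    '/': '&#x2F;',
    '`': '&#x60;'
};

/**
 * Provides utility methods for escaping strings.
 *
 * @type {Object}
 */
var Escape = {

    /**
     * Returns a copy of the specified string with special HTML characters
     * escaped. The following characters will be converted to their
     * corresponding character entities:
     *
     *      & < > " ' / `
     *
     * This implementation is based on the OWASP HTML escaping
     * recommendations (Cross_Site_Scripting_Prevention_Cheat_Sheet). In
     * addition to the characters in the OWASP recommendations, we also
     * escape the backtick (`) character, since IE interprets it as an
     * attribute delimiter.
     *
     * The result is safe for HTML text content and for quoted attribute
     * values. It is NOT sufficient on its own for unquoted attributes,
     * the body of a <script> or <style> element, or URL/CSS contexts,
     * which need their own context-specific encoders.
     *
     * If _string_ is not already a string, it will be coerced to a string
     * (`null` becomes "null", `undefined` becomes "undefined").
     *
     * http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
     *
     * @param {String} string String to escape.
     * @return {String} Escaped string.
     */
    html: function (string) {
        // The character class must stay in sync with the keys of HTML_CHARS:
        // every matched character is looked up there, so an unmatched key is
        // never used and a matched character missing from the map would be
        // replaced with "undefined".
        return (string + '').replace(/[&<>"'\/`]/g, Escape._htmlReplacer);
    },

    /**
     * Returns a copy of the specified string with special regular
     * expression characters escaped, allowing the string to be used safely
     * inside a regex. The following characters, and all whitespace
     * characters, are escaped:
     *
     *      - $ ^ * ( ) + [ ] { } | \ , . ?
     *
     * The escaped string is intended for `new RegExp(...)` WITHOUT the `u`
     * (unicode) flag: the backslash put before `,`, `-` and whitespace is an
     * identity escape, which unicode mode rejects as a SyntaxError.
     *
     * If _string_ is not already a string, it will be coerced to a string.
     *
     * @param {String} string String to escape.
     * @return {String} Escaped string.
     */
    regex: function (string) {
        // There's no need to escape !, =, and : since they only have
        // meaning when they follow a parenthesized ?, as in (?:...), and we
        // already escape parens and question marks. "$&" in the replacement
        // is the matched character itself, so each hit becomes "\" + char.
        return (string + '').replace(/[\-$\^*()+\[\]{}|\\,.?\s]/g, '\\$&');
    },

    /**
     * Regex replacer for HTML escaping.
     *
     * @param {String} match Matched character (must exist in HTML_CHARS).
     * @return {String} HTML entity.
     */
    _htmlReplacer: function (match) {
        return HTML_CHARS[match];
    }
};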