Make HtmlEscape escape '/' again in UNKNOWN mode.

Make HtmlEscape escape '/' again in UNKNOWN mode.

This is a XSS-prevention recommendation.
If escaped code is only ever used inside a quoted attribute or as element text,
escapeing '/' is not necessary.
However, if the escaped code is inserted inside a tag (for example assuming
that it is a well-behavde attribute), then a slash may be meaningful in some
cases. Lots of other things can go wrong in that case, so we recommend against
it.

R=sgjesse@google.com

Committed: https://code.google.com/p/dart/source/detail?r=45153

[Lasse Reichstein Nielsen, 2015-04-15 07:48:58]

lrn@google.com changed reviewers:
+ sgjesse@google.com

[Søren Gjesse, 2015-04-15 07:55:59]

lgtm

[Lasse Reichstein Nielsen, 2015-04-15 08:15:21]

Committed patchset #1 (id:1) manually as 45153 (presubmit successful).

[Siggi Cherem (dart-lang), 2015-04-15 22:09:52]

sigmund@google.com changed reviewers:
+ sigmund@google.com

[Siggi Cherem (dart-lang), 2015-04-15 22:09:52]

https://codereview.chromium.org/1084473003/diff/1/sdk/lib/convert/html_escape...
File sdk/lib/convert/html_escape.dart (right):

https://codereview.chromium.org/1084473003/diff/1/sdk/lib/convert/html_escape...
sdk/lib/convert/html_escape.dart:185: case '/': if (mode.escapeSlash)
replacement = '.'; break;
should this be / (or like it was before /)?

[Lasse Reichstein Nielsen, 2015-04-16 06:42:22]

https://codereview.chromium.org/1084473003/diff/1/sdk/lib/convert/html_escape...
File sdk/lib/convert/html_escape.dart (right):

https://codereview.chromium.org/1084473003/diff/1/sdk/lib/convert/html_escape...
sdk/lib/convert/html_escape.dart:185: case '/': if (mode.escapeSlash)
replacement = '.'; break;
Argh. Yes, ofcourse.