From 801d3d9be101c18b4c550f6a2543400ea667491e Mon Sep 17 00:00:00 2001
From: Calvin Montgomery <calzoneman@gmail.com>
Date: Sun, 21 Oct 2018 22:18:22 -0700
Subject: [PATCH] Fix #775

---
 NEWS.md      | 9 +++++++++
 package.json | 2 +-
 test/xss.js  | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/NEWS.md b/NEWS.md
index ee38fb92..97ed34d6 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,3 +1,12 @@
+2018-10-21
+==========
+
+The `sanitize-html` dependency has made a change that results in `"` no longer
+being replaced by `&quot;` when not inside an HTML attribute value.  This
+potentially breaks any chat filters matching quotes as `&quot;` (on my
+particular instance, this seems to be quite rare).  These filters will need to
+be updated in order to continue matching quotes.
+
 2018-08-27
 ==========
 
diff --git a/package.json b/package.json
index 3715f75a..94e75e07 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "author": "Calvin Montgomery",
   "name": "CyTube",
   "description": "Online media synchronizer and chat",
-  "version": "3.58.4",
+  "version": "3.59.0",
   "repository": {
     "url": "http://github.com/calzoneman/sync"
   },
diff --git a/test/xss.js b/test/xss.js
index 3fc20970..e353491a 100644
--- a/test/xss.js
+++ b/test/xss.js
@@ -5,7 +5,7 @@ describe('XSS', () => {
     describe('sanitizeHTML', () => {
         it('behaves consistently w.r.t. special chars used in emotes', () => {
             const input    = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
-            const expected = '`^~=| _-,;:!?/.&quot;()[]{}@$*\\\\&amp;#%+á\t';
+            const expected = '`^~=| _-,;:!?/."()[]{}@$*\\\\&amp;#%+á\t';
             assert.strictEqual(XSS.sanitizeHTML(input), expected);
         });
     });