replace utils.escape with html-escape

lib/response.js

@@ -2,6 +2,7 @@
  * Module dependencies.
  */
 
+var escapeHtml = require('escape-html');
 var http = require('http')
   , path = require('path')
   , connect = require('connect')
@@ -744,7 +745,7 @@ res.redirect = function(url){
     },
 
     html: function(){
-      var u = utils.escape(url);
+      var u = escapeHtml(url);
       body = '<p>' + statusCodes[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>';
     },
 

lib/utils.js

@@ -322,22 +322,6 @@ function acceptParams(str, index) {
   return ret;
 }
 
-/**
- * Escape special characters in the given string of html.
- *
- * @param  {String} html
- * @return {String}
- * @api private
- */
-
-exports.escape = function(html) {
-  return String(html)
-    .replace(/&/g, '&')
-    .replace(/"/g, '"')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;');
-};
-
 /**
  * Normalize the given path string,
  * returning a regular expression.

package.json

@@ -50,6 +50,7 @@
     "buffer-crc32": "0.2.1",
     "connect": "2.18.0",
     "commander": "1.3.2",
+    "escape-html": "1.0.1",
     "methods": "1.0.1",
     "mkdirp": "0.5.0",
     "parseurl": "1.0.1",

test/utils.js

@@ -94,13 +94,6 @@ describe('utils.flatten(arr)', function(){
   })
 })
 
-describe('utils.escape(html)', function(){
-  it('should escape html entities', function(){
-    utils.escape('<script>foo & "bar"')
-      .should.equal('&lt;script&gt;foo &amp; &quot;bar&quot;')
-  })
-})
-
 describe('utils.parseParams(str)', function(){
   it('should default quality to 1', function(){
     utils.parseParams('text/html')