防止xss攻击。

function htmlEscape(text){
   return text.replace(/[<>&\"=]/g,function(match,pos,originalText){
switch(match){
    case "<":
     return  "&it;";
   case ">" :
    return  "&gt;";
   case  "&":
   return "&amp;";
   case "\"" :
   return "&quot;";  
  case "=";
   return  "&#61;";       
}
});              
}
alert(htmlEscape("<p class=\"greenting\">Hello world!</p>"));
//"&it;p class&#61;"greenting"&gt;Hello world!&it;/p&gt;"