refactor: use escape-html

dat SLOC

lib/response.js

@@ -4,6 +4,7 @@
  */
 
 var debug = require('debug')('koa:response');
+var escape = require('escape-html');
 var status = require('statuses');
 var http = require('http');
 var path = require('path');
@@ -448,19 +449,3 @@ module.exports = {
     }
   }
 };
-
-/**
- * Escape special characters in the given string of html.
- *
- * @param  {String} html
- * @return {String}
- * @api private
- */
-
-function escape(html) {
-  return String(html)
-    .replace(/&/g, '&')
-    .replace(/"/g, '"')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;');
-}

package.json

@@ -21,6 +21,7 @@
   ],
   "license": "MIT",
   "dependencies": {
+    "escape-html": "~1.0.1",
     "statuses": "~1.0.1",
     "accepts": "~1.0.0",
     "type-is": "~1.0.0",