/**
* Copyright (c) 2024 - present OpenTiny HUICharts Authors.
* Copyright (c) 2024 - present Huawei Cloud Computing Technologies Co., Ltd.
*
* Use of this source code is governed by an MIT-style license.
*
* THE OPEN SOURCE SOFTWARE IN THIS PRODUCT IS DISTRIBUTED IN THE HOPE THAT IT WILL BE USEFUL,
* BUT WITHOUT ANY WARRANTY, WITHOUT EVEN THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR
* A PARTICULAR PURPOSE. SEE THE APPLICABLE LICENSES FOR MORE DETAILS.
*
*/
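/**
 * HTML escaping used as an XSS defence for strings that end up in chart markup.
 */
// Fast pre-check: strings that contain none of these characters are returned untouched.
const matchHtmlRegExp = /["'&<>/]/;

/**
 * Replace the six characters `"`, `'`, `&`, `<`, `>` and `/` with HTML entities.
 *
 * The output is meant for HTML element content and for quoted attribute
 * values. It is not a general sanitiser: unquoted attributes, URL-valued
 * attributes, and inline script or style contexts need their own encoding.
 * `&` is always escaped, so input that is already escaped is escaped again.
 *
 * @param {*} string Value to escape; coerced to a string with `'' + string`.
 * @returns {string} The escaped string (the coerced input itself when nothing needs escaping).
 */
function escapeHtml(string) {
  const str = '' + string;
  const match = matchHtmlRegExp.exec(str);
  if (!match) {
    return str;
  }

  let escape;
  let html = '';
  let index;
  let lastIndex = 0;

  // Start at the first special character; everything before it is copied verbatim below.
  for (index = match.index; index < str.length; index++) {
    // Each case must assign the entity text, never the raw character: a literal
    // quote here would make the function a no-op (or a syntax error).
    switch (str.charCodeAt(index)) {
      case 34: // "
        escape = '&quot;';
        break;
      case 38: // &
        escape = '&amp;';
        break;
      case 39: // '
        escape = '&#x27;'; // hex form; escape-html upstream uses the decimal form
        break;
      case 60: // <
        escape = '&lt;';
        break;
      case 62: // >
        escape = '&gt;';
        break;
      case 47: // /
        escape = '&#x2F;';
        break;
      default:
        continue;
    }

    // Flush the run of ordinary characters that precedes this special one.
    if (lastIndex !== index) {
      html += str.substring(lastIndex, index);
    }
    lastIndex = index + 1;
    html += escape;
  }

  // Append whatever ordinary text follows the last escaped character.
  return lastIndex !== index ? html + str.substring(lastIndex, index) : html;
}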
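/**
 * Recursively HTML-escape every string value reachable from `obj`.
 *
 * Strings are passed through `escapeHtml`; objects and arrays are walked over
 * their own enumerable properties and modified IN PLACE, then returned.
 * Numbers, booleans, functions, `null` and `undefined` are returned unchanged.
 *
 * Each object is visited once per call, so cyclic structures terminate and an
 * object referenced from several places is not escaped twice.
 *
 * Limits a caller should know about:
 * - property keys are never escaped, only values;
 * - only own enumerable properties are visited, so entries held inside a
 *   `Map` or `Set` are not escaped;
 * - the result is only as safe as `escapeHtml` is for the output context
 *   (HTML text / quoted attributes).
 *
 * @param {*} obj Value to sanitise.
 * @returns {*} The escaped string, or the same (mutated) object, or the value unchanged.
 */
const defendXSS = function defendXSS(obj) {
  // Objects already walked in this call; guards against cycles and double escaping.
  const seen = new WeakSet();

  const sanitize = (value) => {
    if (typeof value === 'string') {
      return escapeHtml(value);
    }
    // typeof null === 'object', so exclude it explicitly before walking.
    if (typeof value !== 'object' || value === null) {
      return value;
    }
    if (seen.has(value)) {
      return value;
    }
    seen.add(value);

    for (const key in value) {
      // Skip inherited properties so shared prototypes are never rewritten.
      if (Object.prototype.hasOwnProperty.call(value, key)) {
        value[key] = sanitize(value[key]);
      }
    }
    return value;
  };

  return sanitize(obj);
};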
export { defendXSS as default, escapeHtml };