UNPKG

html-escaper

Version:

fast and safe way to escape and unescape &<>'" chars

github.com/WebReflection/html-escaper

WebReflection/html-escaper

82 lines (70 loc) 2.57 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
var html = (function (exports) { 'use strict'; /** * Copyright (C) 2017-present by Andrea Giammarchi - @WebReflection * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ const {replace} = ''; // escape const es = /&(?:amp|#38|lt|#60|gt|#62|apos|#39|quot|#34);/g; const ca = /[&<>'"]/g; const esca = { '&': '&amp;', '<': '&lt;', '>': '&gt;', "'": '&#39;', '"': '&quot;' }; const pe = m => esca[m]; /** * Safely escape HTML entities such as `&`, `<`, `>`, `"`, and `'`. * @param {string} es the input to safely escape * @returns {string} the escaped input, and it **throws** an error if * the input type is unexpected, except for boolean and numbers, * converted as string. */ const escape = es => replace.call(es, ca, pe); // unescape const unes = { '&amp;': '&', '&#38;': '&', '&lt;': '<', '&#60;': '<', '&gt;': '>', '&#62;': '>', '&apos;': "'", '&#39;': "'", '&quot;': '"', '&#34;': '"' }; const cape = m => unes[m]; /** * Safely unescape previously escaped entities such as `&`, `<`, `>`, `"`, * and `'`. * @param {string} un a previously escaped string * @returns {string} the unescaped input, and it **throws** an error if * the input type is unexpected, except for boolean and numbers, * converted as string. */ const unescape = un => replace.call(un, es, cape); exports.escape = escape; exports.unescape = unescape; return exports; }({}));