UNPKG

modulex-util

Version:

common utilities from modulex

github.com/modulex/util

modulex/util

117 lines (107 loc) 3.05 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
/** * @ignore * escape of lang * @author yiminghe@gmail.com */ var util = require('./base'); // IE doesn't include non-breaking-space (0xa0) in their \s character // class (as required by section 7.2 of the ECMAScript spec), we explicitly // include it in the regexp to enforce consistent cross-browser behavior. var EMPTY = '', // FALSE = false, // http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet // http://wonko.com/post/html-escaping htmlEntities = { '&amp;': '&', '&gt;': '>', '&lt;': '<', '&#x60;': '`', '&#x2F;': '/', '&quot;': '"', /*jshint quotmark:false*/ '&#x27;': "'" }, reverseEntities = {}, escapeHtmlReg, unEscapeHtmlReg, possibleEscapeHtmlReg = /[&<>"'`]/, // - # $ ^ * ( ) + [ ] { } | \ , . ? escapeRegExp = /[\-#$\^*()+\[\]{}|\\,.?\s]/g; (function () { for (var k in htmlEntities) { reverseEntities[htmlEntities[k]] = k; } })(); escapeHtmlReg = getEscapeReg(); unEscapeHtmlReg = getUnEscapeReg(); function getEscapeReg() { var str = EMPTY; for (var e in htmlEntities) { var entity = htmlEntities[e]; str += entity + '|'; } str = str.slice(0, -1); escapeHtmlReg = new RegExp(str, 'g'); return escapeHtmlReg; } function getUnEscapeReg() { var str = EMPTY; for (var e in reverseEntities) { var entity = reverseEntities[e]; str += entity + '|'; } str += '&#(\\d{1,5});'; unEscapeHtmlReg = new RegExp(str, 'g'); return unEscapeHtmlReg; } util.mix(util, { /** * get escaped string from html. * only escape * & > < ` / " ' * refer: * * [http://yiminghe.javaeye.com/blog/788929](http://yiminghe.javaeye.com/blog/788929) * * [http://wonko.com/post/html-escaping](http://wonko.com/post/html-escaping) * @param str {string} text2html show * @member util * @return {String} escaped html */ escapeHtml: function (str) { if (!str && str !== 0) { return ''; } str = '' + str; if (!possibleEscapeHtmlReg.test(str)) { return str; } return (str + '').replace(escapeHtmlReg, function (m) { return reverseEntities[m]; }); }, /** * get escaped regexp string for construct regexp. * @param str * @member util * @return {String} escaped regexp */ escapeRegExp: function (str) { return str.replace(escapeRegExp, '\\$&'); }, /** * un-escape html to string. * only unescape * &amp; &lt; &gt; &#x60; &#x2F; &quot; &#x27; &#\d{1,5} * @param str {string} html2text * @member util * @return {String} un-escaped html */ unEscapeHtml: function (str) { return str.replace(unEscapeHtmlReg, function (m, n) { return htmlEntities[m] || String.fromCharCode(+n); }); } }); util.escapeHTML = util.escapeHtml; util.unEscapeHTML = util.unEscapeHtml;