Version 3.18.1
Show:

File: escape/js/escape.js

  1.             /**
  2.             Provides utility methods for escaping strings.
  3.             
  4.             @module escape
  5.             @class Escape
  6.             @static
  7.             @since 3.3.0
  8.             **/
  9.             
  10.             var HTML_CHARS = {
  11.                     '&': '&',
  12.                     '<': '&lt;',
  13.                     '>': '&gt;',
  14.                     '"': '&quot;',
  15.                     "'": '&#x27;',
  16.                     '/': '&#x2F;',
  17.                     '`': '&#x60;'
  18.                 },
  19.             
  20.             Escape = {
  21.                 // -- Public Static Methods ------------------------------------------------
  22.             
  23.                 /**
  24.                 Returns a copy of the specified string with special HTML characters
  25.                 escaped. The following characters will be converted to their
  26.                 corresponding character entities:
  27.             
  28.                     & < > " ' / `
  29.             
  30.                 This implementation is based on the [OWASP HTML escaping
  31.                 recommendations][1]. In addition to the characters in the OWASP
  32.                 recommendations, we also escape the <code>&#x60;</code> character, since IE
  33.                 interprets it as an attribute delimiter.
  34.             
  35.                 If _string_ is not already a string, it will be coerced to a string.
  36.             
  37.                 [1]: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
  38.             
  39.                 @method html
  40.                 @param {String} string String to escape.
  41.                 @return {String} Escaped string.
  42.                 @static
  43.                 **/
  44.                 html: function (string) {
  45.                     return (string + '').replace(/[&<>"'\/`]/g, Escape._htmlReplacer);
  46.                 },
  47.             
  48.                 /**
  49.                 Returns a copy of the specified string with special regular expression
  50.                 characters escaped, allowing the string to be used safely inside a regex.
  51.                 The following characters, and all whitespace characters, are escaped:
  52.             
  53.                     - $ ^ * ( ) + [ ] { } | \ , . ?
  54.             
  55.                 If _string_ is not already a string, it will be coerced to a string.
  56.             
  57.                 @method regex
  58.                 @param {String} string String to escape.
  59.                 @return {String} Escaped string.
  60.                 @static
  61.                 **/
  62.                 regex: function (string) {
  63.                     // There's no need to escape !, =, and : since they only have meaning
  64.                     // when they follow a parenthesized ?, as in (?:...), and we already
  65.                     // escape parens and question marks.
  66.                     return (string + '').replace(/[\-$\^*()+\[\]{}|\\,.?\s]/g, '\\$&');
  67.                 },
  68.             
  69.                 // -- Protected Static Methods ---------------------------------------------
  70.             
  71.                 /**
  72.                  * Regex replacer for HTML escaping.
  73.                  *
  74.                  * @method _htmlReplacer
  75.                  * @param {String} match Matched character (must exist in HTML_CHARS).
  76.                  * @return {String} HTML entity.
  77.                  * @static
  78.                  * @protected
  79.                  */
  80.                 _htmlReplacer: function (match) {
  81.                     return HTML_CHARS[match];
  82.                 }
  83.             };
  84.             
  85.             Escape.regexp = Escape.regex;
  86.             
  87.             Y.Escape = Escape;
  88.             
  89.