/** Used to map characters to HTML entities. */
const htmlEscapes = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;'
}

/** Used to match HTML entities and HTML characters. */
const reUnescapedHtml = /[&<>"']/g
const reHasUnescapedHtml = RegExp(reUnescapedHtml.source)

/**
 * Converts the characters "&", "<", ">", '"', and "'" in `string` to their
 * corresponding HTML entities.
 *
 * **Note:** No other characters are escaped. To escape additional
 * characters use a third-party library like [_he_](https://mths.be/he).
 *
 * Though the ">" character is escaped for symmetry, characters like
 * ">" and "/" don't need escaping in HTML and have no special meaning
 * unless they're part of a tag or unquoted attribute value. See
 * [Mathias Bynens's article](https://mathiasbynens.be/notes/ambiguous-ampersands)
 * (under "semi-related fun fact") for more details.
 *
 * When working with HTML you should always
 * [quote attribute values](http://wonko.com/post/html-escaping) to reduce
 * XSS vectors.
 *
 * @since 0.1.0
 * @category String
 * @param {string} [string=''] The string to escape.
 * @returns {string} Returns the escaped string.
 * @see escapeRegExp, unescape
 * @example
 *
 * escape('fred, barney, & pebbles')
 * // => 'fred, barney, &amp; pebbles'
 */
function escape(string) {
  return (string && reHasUnescapedHtml.test(string))
    ? string.replace(reUnescapedHtml, (chr) => htmlEscapes[chr])
    : (string || '')
}

export default escape
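
The doc comment's advice to always quote attribute values, shown as an added example that is not part of lodash's source. `escapeHtml` is a local copy of the escaping logic above; `readAttributes`, `renderQuoted`, `renderUnquoted` and `staysInAttribute` are hypothetical helpers, the attribute reader is a simplification of the HTML tokenizer rules, and the sample strings are constructed.

```javascript
// Local copy of the page's escaping logic so this block runs on its own.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ENTITIES[c])

// Simplified start-tag attribute reader (hypothetical helper): an unquoted value
// ends at the first whitespace, a quoted value ends at the matching quote.
// Values are returned still entity-encoded.
function readAttributes(tag) {
  const attrs = {}
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g
  const body = tag.replace(/^<\w+/, '').replace(/\/?>$/, '')
  let m
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? ''
  }
  return attrs
}

// The same escaped value placed in an unquoted and in a quoted attribute.
function renderUnquoted(alt) { return `<img alt=${escapeHtml(alt)}>` }
function renderQuoted(alt) { return `<img alt="${escapeHtml(alt)}">` }

// Check: does the escaped value remain the whole of the single `alt` attribute?
function staysInAttribute(render, value) {
  const attrs = readAttributes(render(value))
  return Object.keys(attrs).length === 1 && attrs.alt === escapeHtml(value)
}

// Constructed sample inputs. None of the five escaped characters is needed to
// leave an unquoted value: a space is enough, and escape() does not touch it.
const samples = ['photo title=injected', 'a" title="x', "Tom & Jerry's <cat>"]
for (const s of samples) {
  console.log(JSON.stringify(s),
    'quoted ok:', staysInAttribute(renderQuoted, s),
    'unquoted ok:', staysInAttribute(renderUnquoted, s))
}
```

Every sample stays inside `alt` when the attribute is quoted, and every one splits into extra attributes when it is not.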