P3X GitList

Raw View History

Blames found: 15 Mode: javascript Binary: false

Hang on, we reloading big blames...

1af71b6c

/** * Simple sanitization. It is not intended to sanitize * malicious element values. * * character | escaped * < < * > > * ( ( * ) ) * # # * & & * " " * ' ' */

39f3d232

// used for body text var charsEscape = {

617ebf47

'&': '&',

1af71b6c

'<': '<',

b9b044c3

'>': '>'

39f3d232

}; var charsUnescape = { '&': '&', '#': '#', '<': '<', '>': '>', '(': '(', ')': ')', '"': '"', ''': "'", "": "\u001F" }; // used in attribute values var charsAttrEscape = { '&': '&', '<': '<', '>': '>',

1af71b6c

'"': '"', "'": ''' };

da94d5df

function escapeRegExp(string) { return string.replace(/([.*+?^=!:${}()|\[\]\/\\])/g, "\\$1"); }

39f3d232

// sanitize body text exports.sanitize = function sanitize(value, reverse, attribute) {

1af71b6c

if (typeof value !== 'string') { return value; }

39f3d232

var chars = reverse ? charsUnescape : (attribute ? charsAttrEscape : charsEscape); var keys = Object.keys(chars);

17a24607

keys.forEach(function (key) {

39f3d232

value = value.replace(new RegExp(escapeRegExp(key), 'g'), chars[key]);

1af71b6c

}); return value;

b37faaba

};