Toggle navigation
P3X GitList Snapshot
GitHub
Repo
Changelog
To do
Releases
Themes
Change log
Loading change log ...
To do ...
Loading todo ...
browsing:
ad1971a75ce48945d2f53601087aae64c4df6d7e
Branches
0.1
0.2
html-sanitizer
html-sanitizer-and-mocha-specs
master
sanitize-oversight
Tags
v0.11.2
v0.11.0
v0.9.2
v0.9.0
v0.8.2
v0.6.2
v0.6.1
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.2
v0.3.1
v0.3.0
0.2.4
0.2.3
0.2.2
0.2.1
0.2.0
0.1.1
0.1.0
Files
Commits
Log
Graph
Stats
xml2json.git
src
sanitize.js
RSS
Git
Fetch origin
Download
ZIP
TAR
Clone
Raw
View
History
Clone
SSH
HTTPS
Blames found: 15
Mode: javascript
Binary: false
Hang on, we reloading big blames...
1af71b6c
/** * Simple sanitization. It is not intended to sanitize * malicious element values. * * character | escaped * < < * > > * ( ( * ) ) * # # * & & * " " * ' ' */
39f3d232
// used for body text var charsEscape = {
617ebf47
'&': '&',
1af71b6c
'<': '<',
b9b044c3
'>': '>'
39f3d232
}; var charsUnescape = { '&': '&', '#': '#', '<': '<', '>': '>', '(': '(', ')': ')', '"': '"', ''': "'", "": "\u001F" }; // used in attribute values var charsAttrEscape = { '&': '&', '<': '<', '>': '>',
1af71b6c
'"': '"', "'": ''' };
da94d5df
function escapeRegExp(string) { return string.replace(/([.*+?^=!:${}()|\[\]\/\\])/g, "\\$1"); }
39f3d232
// sanitize body text exports.sanitize = function sanitize(value, reverse, attribute) {
1af71b6c
if (typeof value !== 'string') { return value; }
39f3d232
var chars = reverse ? charsUnescape : (attribute ? charsAttrEscape : charsEscape); var keys = Object.keys(chars);
17a24607
keys.forEach(function (key) {
39f3d232
value = value.replace(new RegExp(escapeRegExp(key), 'g'), chars[key]);
1af71b6c
}); return value;
b37faaba
};