Toggle navigation
P3X GitList Snapshot
GitHub
Repo
Changelog
To do
Releases
Themes
Change log
Loading change log ...
To do ...
Loading todo ...
browsing:
d2046fe9fb3af3c706617df20d660f0655a66942
Branches
0.1
0.2
html-sanitizer
html-sanitizer-and-mocha-specs
master
sanitize-oversight
Tags
v0.11.2
v0.11.0
v0.9.2
v0.9.0
v0.8.2
v0.6.2
v0.6.1
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.2
v0.3.1
v0.3.0
0.2.4
0.2.3
0.2.2
0.2.1
0.2.0
0.1.1
0.1.0
Files
Commits
Log
Graph
Stats
xml2json.git
lib
sanitize.js
RSS
Git
Fetch origin
Download
ZIP
TAR
Clone
Raw
View
History
Clone
SSH
HTTPS
Blames found: 13
Mode: javascript
Binary: false
Hang on, we reloading big blames...
1af71b6c
/** * Simple sanitization. It is not intended to sanitize * malicious element values. * * character | escaped * < < * > > * ( ( * ) ) * # # * & & * " " * ' ' */
39f3d232
// used for body text var charsEscape = {
617ebf47
'&': '&',
1af71b6c
'<': '<',
b9b044c3
'>': '>'
39f3d232
}; var charsUnescape = { '&': '&', '#': '#', '<': '<', '>': '>', '(': '(', ')': ')', '"': '"', ''': "'", "": "\u001F" }; // used in attribute values var charsAttrEscape = { '&': '&', '<': '<', '>': '>',
1af71b6c
'"': '"', "'": ''' };
da94d5df
function escapeRegExp(string) { return string.replace(/([.*+?^=!:${}()|\[\]\/\\])/g, "\\$1"); }
39f3d232
// sanitize body text exports.sanitize = function sanitize(value, reverse, attribute) {
1af71b6c
if (typeof value !== 'string') { return value; }
39f3d232
var chars = reverse ? charsUnescape : (attribute ? charsAttrEscape : charsEscape); var keys = Object.keys(chars); keys.forEach(function(key) { value = value.replace(new RegExp(escapeRegExp(key), 'g'), chars[key]);
1af71b6c
}); return value;
b37faaba
};