|
|
- /*!
- * escape-html
- * Copyright(c) 2012-2013 TJ Holowaychuk
- * Copyright(c) 2015 Andreas Lubbe
- * Copyright(c) 2015 Tiancheng "Timothy" Gu
- * MIT Licensed
- */
-
- 'use strict';
-
- /**
- * Module variables.
- * @private
- */
-
- var matchHtmlRegExp = /["'&<>]/;
-
- /**
- * Module exports.
- * @public
- */
-
- module.exports = escapeHtml;
-
- /**
- * Escape special characters in the given string of html.
- *
- * @param {string} string The string to escape for inserting into HTML
- * @return {string}
- * @public
- */
-
- function escapeHtml(string) {
- var str = '' + string;
- var match = matchHtmlRegExp.exec(str);
-
- if (!match) {
- return str;
- }
-
- var escape;
- var html = '';
- var index = 0;
- var lastIndex = 0;
-
- for (index = match.index; index < str.length; index++) {
- switch (str.charCodeAt(index)) {
- case 34: // "
- escape = '"';
- break;
- case 38: // &
- escape = '&';
- break;
- case 39: // '
- escape = ''';
- break;
- case 60: // <
- escape = '<';
- break;
- case 62: // >
- escape = '>';
- break;
- default:
- continue;
- }
-
- if (lastIndex !== index) {
- html += str.substring(lastIndex, index);
- }
-
- lastIndex = index + 1;
- html += escape;
- }
-
- return lastIndex !== index
- ? html + str.substring(lastIndex, index)
- : html;
- }
|