Escape html characters before convert to HTML

2025-12-13 09:46:22 +00:00 · 2018-03-25 23:47:17 +03:00
parent 9590559b81
commit 90f21f4ed1
2 changed files with 53 additions and 3 deletions
--- a/browser/lib/utils.js
+++ b/browser/lib/utils.js
@@ -6,6 +6,55 @@ export function lastFindInArray (array, callback) {
  }
 }

-export default {
-  lastFindInArray
+export function escapeHtmlCharacters (text) {
+  const matchHtmlRegExp = /["'&<>]/
+  const str = '' + text
+  const match = matchHtmlRegExp.exec(str)
+
+  if (!match) {
+    return str
+  }
+
+  let escape
+  let html = ''
+  let index = 0
+  let lastIndex = 0
+
+  for (index = match.index; index < str.length; index++) {
+    switch (str.charCodeAt(index)) {
+      case 34: // "
+        escape = '&quot;'
+        break
+      case 38: // &
+        escape = '&amp;'
+        break
+      case 39: // '
+        escape = '&#39;'
+        break
+      case 60: // <
+        escape = '&lt;'
+        break
+      case 62: // >
+        escape = '&gt;'
+        break
+      default:
+        continue
+    }
+
+    if (lastIndex !== index) {
+      html += str.substring(lastIndex, index)
+    }
+
+    lastIndex = index + 1
+    html += escape
+  }
+
+  return lastIndex !== index
+      ? html + str.substring(lastIndex, index)
+      : html
+}
+
+export default {
+  lastFindInArray,
+  escapeHtmlCharacters
 }