diff options
-rw-r--r-- | js/lib/common.js | 36 | ||||
-rw-r--r-- | js/lib/html.js | 16 | ||||
-rw-r--r-- | js/lib/xml.js | 31 |
3 files changed, 41 insertions, 42 deletions
diff --git a/js/lib/common.js b/js/lib/common.js index 0104e68..8ba70a8 100644 --- a/js/lib/common.js +++ b/js/lib/common.js @@ -8,6 +8,12 @@ var ESCAPABLE = '[!"#$%&\'()*+,./:;<=>?@[\\\\\\]^_`{|}~-]'; var reEntityOrEscapedChar = new RegExp('\\\\' + ESCAPABLE + '|' + ENTITY, 'gi'); +var XMLSPECIAL = '[&<>"]'; + +var reXmlSpecial = new RegExp(XMLSPECIAL, 'g'); + +var reXmlSpecialOrEntity = new RegExp(ENTITY + '|' + XMLSPECIAL, 'gi'); + var unescapeChar = function(s) { "use strict"; if (s[0] === '\\') { @@ -32,6 +38,34 @@ var normalizeURI = function(uri) { return encodeURI(unescape(uri)); } +var replaceUnsafeChar = function(s) { + switch (s) { + case '&': + return '&'; + case '<': + return '<'; + case '>': + return '>'; + case '"': + return '"'; + default: + return s; + } +}; + +var escapeXml = function(s, preserve_entities) { + if (reXmlSpecial.test(s)) { + if (preserve_entities) { + return s.replace(reXmlSpecialOrEntity, replaceUnsafeChar); + } else { + return s.replace(reXmlSpecial, replaceUnsafeChar); + } + } else { + return s; + } +}; + module.exports = { unescapeString: unescapeString, - normalizeURI: normalizeURI + normalizeURI: normalizeURI, + escapeXml: escapeXml, }; diff --git a/js/lib/html.js b/js/lib/html.js index afe7a33..3f2c1dd 100644 --- a/js/lib/html.js +++ b/js/lib/html.js @@ -1,5 +1,7 @@ "use strict"; +var escapeXml = require('./common').escapeXml; + // Helper function to produce an HTML tag. var tag = function(name, attrs, selfclosing) { var result = '<' + name; @@ -246,8 +248,6 @@ var replaceUnsafeChar = function(s) { } }; -var reNeedsEscaping = /[&<>"]/; - // The HtmlRenderer object. function HtmlRenderer(options){ return { @@ -255,17 +255,7 @@ function HtmlRenderer(options){ softbreak: '\n', // by default, soft breaks are rendered as newlines in HTML // set to "<br />" to make them hard breaks // set to " " if you want to ignore line wrapping in source - escape: function(s, preserve_entities) { - if (reNeedsEscaping.test(s)) { - if (preserve_entities) { - return s.replace(/[&](?:[#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)|[&<>"]/gi, replaceUnsafeChar); - } else { - return s.replace(/[&<>"]/g, replaceUnsafeChar); - } - } else { - return s; - } - }, + escape: escapeXml, options: options || {}, render: renderNodes }; diff --git a/js/lib/xml.js b/js/lib/xml.js index 056bcc5..79b6957 100644 --- a/js/lib/xml.js +++ b/js/lib/xml.js @@ -1,5 +1,7 @@ "use strict"; +var escapeXml = require('./common').escapeXml; + // Helper function to produce an XML tag. var tag = function(name, attrs, selfclosing) { var result = '<' + name; @@ -158,23 +160,6 @@ var renderNodes = function(block) { return buffer; }; -var replaceUnsafeChar = function(s) { - switch (s) { - case '&': - return '&'; - case '<': - return '<'; - case '>': - return '>'; - case '"': - return '"'; - default: - return s; - } -}; - -var reNeedsEscaping = /[&<>"]/; - // The XmlRenderer object. function XmlRenderer(options){ return { @@ -182,17 +167,7 @@ function XmlRenderer(options){ softbreak: '\n', // by default, soft breaks are rendered as newlines in HTML // set to "<br />" to make them hard breaks // set to " " if you want to ignore line wrapping in source - escape: function(s, preserve_entities) { - if (reNeedsEscaping.test(s)) { - if (preserve_entities) { - return s.replace(/[&](?:[#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)|[&<>"]/gi, replaceUnsafeChar); - } else { - return s.replace(/[&<>"]/g, replaceUnsafeChar); - } - } else { - return s; - } - }, + escape: escapeXml, options: options || {}, render: renderNodes }; |