All escaping functions replace HTML reserved characters.
This commit is contained in:
parent
30da7357e5
commit
6e36b59a59
|
@ -429,14 +429,15 @@ exports.getPadHTMLDocument = function (padId, revNum, noDocType, callback)
|
|||
|
||||
function _escapeHTML(s)
|
||||
{
|
||||
var re = /[&<>]/g;
|
||||
var re = /[&"<>]/g;
|
||||
if (!re.MAP)
|
||||
{
|
||||
// persisted across function calls!
|
||||
re.MAP = {
|
||||
'&': '&',
|
||||
'"': '"',
|
||||
'<': '<',
|
||||
'>': '>',
|
||||
'>': '>'
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -142,7 +142,14 @@ function binarySearchInfinite(expectedLength, func)
|
|||
|
||||
function htmlPrettyEscape(str)
|
||||
{
|
||||
return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/\r?\n/g, '\\n');
|
||||
return str.replace(/[&"<>]/g, function (c) {
|
||||
return {
|
||||
'&': '&',
|
||||
'"': '"',
|
||||
'<': '<',
|
||||
'>': '>'
|
||||
}[c] || c;
|
||||
}).replace(/\r?\n/g, '\\n');
|
||||
}
|
||||
|
||||
if (typeof exports !== "undefined")
|
||||
|
|
|
@ -229,7 +229,7 @@ domline.escapeHTML = function(s)
|
|||
'&': '&',
|
||||
'<': '<',
|
||||
'>': '>',
|
||||
'"': '"',
|
||||
'"': '"',
|
||||
"'": '''
|
||||
};
|
||||
}
|
||||
|
|
|
@ -23,7 +23,14 @@
|
|||
var padutils = {
|
||||
escapeHtml: function(x)
|
||||
{
|
||||
return String(x).replace(/\</g, '<').replace(/\>/g, '>');
|
||||
return String(x).replace(/[&"<>]/g, function (c) {
|
||||
return {
|
||||
'&': '&',
|
||||
'"': '"',
|
||||
'<': '<',
|
||||
'>': '>'
|
||||
}[c] || c;
|
||||
});
|
||||
},
|
||||
uniqueId: function()
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue