-
Notifications
You must be signed in to change notification settings - Fork 4.3k
/
Copy pathindex.js
95 lines (89 loc) · 2.71 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/**
* Regular expression matching invalid attribute names.
*
* "Attribute names must consist of one or more characters other than controls,
* U+0020 SPACE, U+0022 ("), U+0027 ('), U+003E (>), U+002F (/), U+003D (=),
* and noncharacters."
*
* @link https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
*
* @type {RegExp}
*/
const REGEXP_INVALID_ATTRIBUTE_NAME = /[\u007F-\u009F "'>/="\uFDD0-\uFDEF]/;
/**
* Returns a string with ampersands escaped. Note that this is an imperfect
* implementation, where only ampersands which do not appear as a pattern of
* named, decimal, or hexadecimal character references are escaped. Invalid
* named references (i.e. ambiguous ampersand) are are still permitted.
*
* @link https://w3c.github.io/html/syntax.html#character-references
* @link https://w3c.github.io/html/syntax.html#ambiguous-ampersand
* @link https://w3c.github.io/html/syntax.html#named-character-references
*
* @param {string} value Original string.
*
* @return {string} Escaped string.
*/
export function escapeAmpersand( value ) {
return value.replace( /&(?!([a-z0-9]+|#[0-9]+|#x[a-f0-9]+);)/gi, '&' );
}
/**
* Returns a string with quotation marks replaced.
*
* @param {string} value Original string.
*
* @return {string} Escaped string.
*/
export function escapeQuotationMark( value ) {
return value.replace( /"/g, '"' );
}
/**
* Returns a string with less-than sign replaced.
*
* @param {string} value Original string.
*
* @return {string} Escaped string.
*/
export function escapeLessThan( value ) {
return value.replace( /</g, '<' );
}
/**
* Returns an escaped attribute value.
*
* @link https://w3c.github.io/html/syntax.html#elements-attributes
*
* "[...] the text cannot contain an ambiguous ampersand [...] must not contain
* any literal U+0022 QUOTATION MARK characters (")"
*
* @param {string} value Attribute value.
*
* @return {string} Escaped attribute value.
*/
export function escapeAttribute( value ) {
return escapeQuotationMark( escapeAmpersand( value ) );
}
/**
* Returns an escaped HTML element value.
*
* @link https://w3c.github.io/html/syntax.html#writing-html-documents-elements
*
* "the text must not contain the character U+003C LESS-THAN SIGN (<) or an
* ambiguous ampersand."
*
* @param {string} value Element value.
*
* @return {string} Escaped HTML element value.
*/
export function escapeHTML( value ) {
return escapeLessThan( escapeAmpersand( value ) );
}
/**
* Returns true if the given attribute name is valid, or false otherwise.
*
* @param {string} name Attribute name to test.
*
* @return {boolean} Whether attribute is valid.
*/
export function isValidAttributeName( name ) {
return ! REGEXP_INVALID_ATTRIBUTE_NAME.test( name );
}