htmlescape.js
863 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
/**
* Properly escape JSON for usage as an object literal inside of a `<script>` tag.
* JS implementation of http://golang.org/pkg/encoding/json/#HTMLEscape
* More info: http://timelessrepo.com/json-isnt-a-javascript-subset
*/
'use strict';
var ESCAPE_LOOKUP = {
'&': '\\u0026',
'>': '\\u003e',
'<': '\\u003c',
'\u2028': '\\u2028',
'\u2029': '\\u2029'
};
var ESCAPE_REGEX = /[&><\u2028\u2029]/g;
function escaper(match) {
return ESCAPE_LOOKUP[match];
}
module.exports = function(obj) {
return JSON.stringify(obj).replace(ESCAPE_REGEX, escaper);
};
/***/
var TERMINATORS_LOOKUP = {
'\u2028': '\\u2028',
'\u2029': '\\u2029'
};
var TERMINATORS_REGEX = /[\u2028\u2029]/g;
function sanitizer(match) {
return TERMINATORS_LOOKUP[match];
}
module.exports.sanitize = function(str) {
return str.replace(TERMINATORS_REGEX, sanitizer);
};