forked from instructure/canvas-lms
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhtmlEscape.js
More file actions
55 lines (48 loc) · 1.42 KB
/
Copy pathhtmlEscape.js
File metadata and controls
55 lines (48 loc) · 1.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
define(['INST'], function(INST) {
function SafeString(string) {
this.string = (typeof string === 'string' ? string : "" + string);
}
SafeString.prototype.toString = function() {
return this.string;
};
var ENTITIES = {
'&': '&',
'<': '<',
'>': '>',
'"': '"',
"'": ''',
'/': '/',
'`': '`', // for old versions of IE
'=': '=' // in case of unquoted attributes
};
var htmlEscape = function(str) {
// ideally we should wrap this in a SafeString, but this is how it has
// always worked :-/
return str.replace(/[&<>"'\/`=]/g, function(c) {
return ENTITIES[c];
});
}
// Escapes HTML tags from string, or object string props of `strOrObject`.
// returns the new string, or the object with escaped properties
var escape = function(strOrObject) {
if (typeof strOrObject === 'string') {
return htmlEscape(strOrObject);
} else if (strOrObject instanceof SafeString) {
return strOrObject;
} else if (typeof strOrObject === 'number') {
return escape(strOrObject.toString())
}
var k, v;
for (k in strOrObject) {
v = strOrObject[k];
if (typeof v === "string") {
strOrObject[k] = htmlEscape(v);
}
}
return strOrObject;
};
escape.SafeString = SafeString;
// tinymce plugins use this and they need it global :(
INST.htmlEscape = escape;
return escape;
});