/*!
|
* escape-html
|
* Copyright(c) 2012-2013 TJ Holowaychuk
|
* Copyright(c) 2015 Andreas Lubbe
|
* Copyright(c) 2015 Tiancheng "Timothy" Gu
|
* MIT Licensed
|
*/
|
|
'use strict';
|
|
/**
|
* Module variables.
|
* @private
|
*/
|
|
var matchHtmlRegExp = /["'&<>]/;
|
|
/**
|
* Module exports.
|
* @public
|
*/
|
|
module.exports = escapeHtml;
|
|
/**
|
* Escape special characters in the given string of html.
|
*
|
* @param {string} string The string to escape for inserting into HTML
|
* @return {string}
|
* @public
|
*/
|
|
function escapeHtml(string) {
|
var str = '' + string;
|
var match = matchHtmlRegExp.exec(str);
|
|
if (!match) {
|
return str;
|
}
|
|
var escape;
|
var html = '';
|
var index = 0;
|
var lastIndex = 0;
|
|
for (index = match.index; index < str.length; index++) {
|
switch (str.charCodeAt(index)) {
|
case 34: // "
|
escape = '"';
|
break;
|
case 38: // &
|
escape = '&';
|
break;
|
case 39: // '
|
escape = ''';
|
break;
|
case 60: // <
|
escape = '<';
|
break;
|
case 62: // >
|
escape = '>';
|
break;
|
default:
|
continue;
|
}
|
|
if (lastIndex !== index) {
|
html += str.substring(lastIndex, index);
|
}
|
|
lastIndex = index + 1;
|
html += escape;
|
}
|
|
return lastIndex !== index
|
? html + str.substring(lastIndex, index)
|
: html;
|
}
|
