27 lines
661 B
JavaScript
27 lines
661 B
JavaScript
|
const characterReferences = {'"': 'quot', '&': 'amp', '<': 'lt', '>': 'gt'}
|
|||
|
|
|
|||
|
|
/**
|
|||
|
|
* Encode only the dangerous HTML characters.
|
|||
|
|
*
|
|||
|
|
* This ensures that certain characters which have special meaning in HTML are
|
|||
|
|
* dealt with.
|
|||
|
|
* Technically, we can skip `>` and `"` in many cases, but CM includes them.
|
|||
|
|
*
|
|||
|
|
* @param {string} value
|
|||
|
|
* Value to encode.
|
|||
|
|
* @returns {string}
|
|||
|
|
* Encoded value.
|
|||
|
|
*/
|
|||
|
|
export function encode(value) {
|
|||
|
|
return value.replace(/["&<>]/g, replace)
|
|||
|
|
|
|||
|
|
/**
|
|||
|
|
* @param {string} value
|
|||
|
|
* @returns {string}
|
|||
|
|
*/
|
|||
|
|
function replace(value) {
|
|||
|
|
// @ts-expect-error Hush, it’s fine.
|
|||
|
|
return '&' + characterReferences[value] + ';'
|
|||
|
|
}
|
|||
|
|
}
|