27 lines
661 B
JavaScript
27 lines
661 B
JavaScript
const characterReferences = {'"': 'quot', '&': 'amp', '<': 'lt', '>': 'gt'}
|
||
|
||
/**
|
||
* Encode only the dangerous HTML characters.
|
||
*
|
||
* This ensures that certain characters which have special meaning in HTML are
|
||
* dealt with.
|
||
* Technically, we can skip `>` and `"` in many cases, but CM includes them.
|
||
*
|
||
* @param {string} value
|
||
* Value to encode.
|
||
* @returns {string}
|
||
* Encoded value.
|
||
*/
|
||
export function encode(value) {
|
||
return value.replace(/["&<>]/g, replace)
|
||
|
||
/**
|
||
* @param {string} value
|
||
* @returns {string}
|
||
*/
|
||
function replace(value) {
|
||
// @ts-expect-error Hush, it’s fine.
|
||
return '&' + characterReferences[value] + ';'
|
||
}
|
||
}
|