use entities escape instead of shitty custom one

Siddharth Singh 2024-08-05 15:42:32 +05:30
parent 0706f53b9f
commit 7e2217ccd8
No known key found for this signature in database


@ -1,3 +1,5 @@
import { escape } from 'entities';
interface RawHtml { interface RawHtml {
raw: true; raw: true;
contents: string; contents: string;
@ -10,16 +12,6 @@ interface RawHtmlOptions {
joiner?: string; joiner?: string;
} }
export function escape(str: string) {
if (!str) return '';
return str.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;');
}
/** /**
* Prevent values from being escaped by html``. * Prevent values from being escaped by html``.
* @param val Any value. * @param val Any value.
@ -40,7 +32,7 @@ export function r(val: any, options?: RawHtmlOptions): RawHtml {
* ``` * ```
* const unsafe = `oops <script>alert(1)</script>`; * const unsafe = `oops <script>alert(1)</script>`;
* testing.innerHTML = html`foo bar baz ${unsafe}`; * testing.innerHTML = html`foo bar baz ${unsafe}`;
* console.assert(testing === "foo bar baz oops%20%3Cscript%3Ealert%281%29%3C/script%3E"); * console.assert(testing === "foo bar baz oops&lt;script&gt;alert(1)&lt;/script&gt;");
* ``` * ```
*/ */
export function html(strings: TemplateStringsArray, ...values: (string | number | RawHtml)[]) { export function html(strings: TemplateStringsArray, ...values: (string | number | RawHtml)[]) {
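Review bot: The removed local `escape` returned `''` for any falsy argument, whereas the imported `escape` from `entities` is typed for `string` input only, and `html` still accepts `string | number | RawHtml` values. The body of `html` is outside this hunk, so it is not visible whether values are converted before escaping; if they are passed through as-is, a number or an undefined interpolation may now throw or be mishandled instead of rendering as empty. Coercing at the call site, e.g. `escape(String(val ?? ''))`, would keep every interpolated value on the escaped path. The commit also drops the exported `escape`, so any other module that imports it from this file would need `export { escape } from 'entities';` or an updated import. Separately, the updated doc example loses the space after `oops` and compares `testing` rather than `testing.innerHTML`.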