use entities escape instead of shitty custom one

Siddharth Singh 2024-08-05 15:42:32 +05:30
parent 0706f53b9f
commit 7e2217ccd8
No known key found for this signature in database


@ -1,3 +1,5 @@
import { escape } from 'entities';
interface RawHtml {
raw: true;
contents: string;
@ -10,16 +12,6 @@ interface RawHtmlOptions {
joiner?: string;
}
export function escape(str: string) {
if (!str) return '';
return str.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;');
}
/**
* Prevent values from being escaped by html``.
* @param val Any value.
@ -40,7 +32,7 @@ export function r(val: any, options?: RawHtmlOptions): RawHtml {
* ```
* const unsafe = `oops <script>alert(1)</script>`;
* testing.innerHTML = html`foo bar baz ${unsafe}`;
* console.assert(testing === "foo bar baz oops%20%3Cscript%3Ealert%281%29%3C/script%3E");
* console.assert(testing === "foo bar baz oops&lt;script&gt;alert(1)&lt;/script&gt;");
* ```
*/
export function html(strings: TemplateStringsArray, ...values: (string | number | RawHtml)[]) {
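Review bot: The removed helper returned `''` for falsy input (`if (!str) return '';`), while the `escape` imported from `entities` is typed for a string and, as far as I know, has no such guard, and `html` still accepts `number` values. The body of `html` is outside this section, so if it passes interpolated values straight to `escape`, an `undefined`, `null` or numeric value may now throw or render differently; coercing at the call site, e.g. `escape(String(value ?? ''))`, would keep every interpolation on the escaping path. Dropping `export function escape` also removes a public export from this module, so any other file importing it from here needs updating or a re-export such as `export { escape } from 'entities';`. In the updated doc example the expected string loses the space after `oops` and compares the element rather than its markup; `console.assert(testing.innerHTML === "foo bar baz oops &lt;script&gt;alert(1)&lt;/script&gt;");` matches what the template should produce.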