Mirrors/lodash
1
0
Fork 0
mirror of https://github.com/whoisclebs/lodash.git synced 2026-02-13 20:37:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Switch to an htmlEscapes object for use in _.escape.

Browse Source 
Former-commit-id: bc449b5d6868c846d599840e5c0d90d0314fe4b8
This commit is contained in:
John-David Dalton
2012-06-04 02:12:41 -04:00
parent 210485d0be
commit da1124dd37
2 changed files with 59 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
build/pre-compile.js
View File

@@ -211,6 +211,9 @@
}); });
}); });
// remove newline from double-quoted string in `_.template`
source = source.replace('"\';\\n"', '"\';"');
// minify `_.sortBy` internal properties // minify `_.sortBy` internal properties
(function() { (function() {
var properties = ['criteria', 'value'], var properties = ['criteria', 'value'],

90
lodash.js
View File

@@ -12,17 +12,6 @@
var freeExports = typeof exports == 'object' && exports && var freeExports = typeof exports == 'object' && exports &&
(typeof global == 'object' && global && global == global.global && (window = global), exports); (typeof global == 'object' && global && global == global.global && (window = global), exports);
/** Used to escape characters in templates */
var escapes = {
'\\': '\\',
"'": "'",
'\n': 'n',
'\r': 'r',
'\t': 't',
'\u2028': 'u2028',
'\u2029': 'u2029'
};
/** /**
* Detect the JScript [[DontEnum]] bug: * Detect the JScript [[DontEnum]] bug:
* In IE < 9 an objects own properties, shadowing non-enumerable ones, are * In IE < 9 an objects own properties, shadowing non-enumerable ones, are
@@ -33,16 +22,6 @@
/** Used to generate unique IDs */ /** Used to generate unique IDs */
var idCounter = 0; var idCounter = 0;
/** Used to determine if values are of the language type Object */
var objectTypes = {
'boolean': false,
'function': true,
'object': true,
'number': false,
'string': false,
'undefined': false
};
/** Used to restore the original `_` reference in `noConflict` */ /** Used to restore the original `_` reference in `noConflict` */
var oldDash = window._; var oldDash = window._;
@@ -54,8 +33,11 @@
/** Used to match tokens in template text */ /** Used to match tokens in template text */
var reToken = /__token__(\d+)/g; var reToken = /__token__(\d+)/g;
/** Used to match unescaped characters in template text */ /** Used to match unescaped characters in HTML */
var reUnescaped = /['\n\r\t\u2028\u2029\\]/g; var reUnescapedHtml = /[&<"']/g;
/** Used to match unescaped characters in string literals */
var reUnescapedString = /['\n\r\t\u2028\u2029\\]/g;
/** Used to fix the JScript [[DontEnum]] bug */ /** Used to fix the JScript [[DontEnum]] bug */
var shadowed = [ var shadowed = [
@@ -69,6 +51,40 @@
/** Used to store tokenized template text snippets */ /** Used to store tokenized template text snippets */
var tokenized = []; var tokenized = [];
/**
* Used to escape characters for inclusion in HTML.
* The `>` and `/` characters don't require escaping in HTML and have no
* special meaning unless they're part of a tag or an unquoted attribute value
* http://mathiasbynens.be/notes/ambiguous-ampersands (semi-related fun fact)
*/
var htmlEscapes = {
'&': '&amp;',
'<': '&lt;',
'"': '&quot;',
"'": '&#x27;'
};
/** Used to determine if values are of the language type Object */
var objectTypes = {
'boolean': false,
'function': true,
'object': true,
'number': false,
'string': false,
'undefined': false
};
/** Used to escape characters for inclusion in string literals */
var stringEscapes = {
'\\': '\\',
"'": "'",
'\n': 'n',
'\r': 'r',
'\t': 't',
'\u2028': 'u2028',
'\u2029': 'u2029'
};
/** Object#toString result shortcuts */ /** Object#toString result shortcuts */
var arrayClass = '[object Array]', var arrayClass = '[object Array]',
boolClass = '[object Boolean]', boolClass = '[object Boolean]',
@@ -449,8 +465,19 @@
* @param {String} match The matched character to escape. * @param {String} match The matched character to escape.
* @returns {String} Returns the escaped character. * @returns {String} Returns the escaped character.
*/ */
function escapeChar(match) { function escapeStringChar(match) {
return '\\' + escapes[match]; return '\\' + stringEscapes[match];
}
/**
* Used by `escape()` to escape characters for inclusion in HTML.
*
* @private
* @param {String} match The matched character to escape.
* @returns {String} Returns the escaped character.
*/
function escapeHtmlChar(match) {
return htmlEscapes[match];
} }
/** /**
@@ -2823,14 +2850,7 @@
* // => "Curly, Larry &amp; Moe" * // => "Curly, Larry &amp; Moe"
*/ */
function escape(string) { function escape(string) {
// the `>` character doesn't require escaping in HTML and has no special return (string + '').replace(reUnescapedHtml, escapeHtmlChar);
// meaning unless it's part of a tag or an unquoted attribute value
// http://mathiasbynens.be/notes/ambiguous-ampersands (semi-related fun fact)
return (string + '')
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#x27;');
} }
/** /**
@@ -3029,7 +3049,9 @@
// escape characters that cannot be included in string literals and // escape characters that cannot be included in string literals and
// detokenize delimiter code snippets // detokenize delimiter code snippets
text = "__p='" + text.replace(reUnescaped, escapeChar).replace(reToken, detokenize) + "';\n"; text = "__p='" + text
.replace(reUnescapedString, escapeStringChar)
.replace(reToken, detokenize) + "';\n";
// clear stored code snippets // clear stored code snippets
tokenized.length = 0; tokenized.length = 0;