elementtree
+16
-35
@@ -347,44 +347,25 @@ /** | ||
| /* TODO: benchmark single regex */ | ||
| // TODO replace without regex only replaces single instance | ||
| function _escape_attrib(text, encoding) { | ||
| function _escape(text, encoding, isAttribute) { | ||
| if (text) { | ||
| text = text.toString(); | ||
| text = text.replace(/&/g, '&'); | ||
| text = text.replace(/</g, '<'); | ||
| text = text.replace(/>/g, '>'); | ||
| text = text.replace(/\n/g, '
'); | ||
| text = text.replace(/\r/g, '
'); | ||
| if (isAttribute) { | ||
| text = text.replace(/"/g, '"'); | ||
| } | ||
| } | ||
| if (text.indexOf("&") !== -1) { | ||
| text = text.replace("&", "&"); | ||
| } | ||
| if (text.indexOf("<") !== -1) { | ||
| text = text.replace("<", "<"); | ||
| } | ||
| if (text.indexOf(">") !== -1) { | ||
| text = text.replace(">", ">"); | ||
| } | ||
| if (text.indexOf("\"") !== -1) { | ||
| text = text.replace("\"", """); | ||
| } | ||
| if (text.indexOf("\n") !== -1) { | ||
| text = text.replace("\n", " "); | ||
| } | ||
| return text; | ||
| } | ||
| /* TODO: benchmark single regex */ | ||
| function _escape_attrib(text, encoding) { | ||
| return _escape(text, encoding, true); | ||
| } | ||
| function _escape_cdata(text, encoding) { | ||
| if (text) { | ||
| text = text.toString(); | ||
| } | ||
| if (text.indexOf("&") !== -1) { | ||
| text = text.replace("&", "&"); | ||
| } | ||
| if (text.indexOf("<") !== -1) { | ||
| text = text.replace("<", "<"); | ||
| } | ||
| if (text.indexOf(">") !== -1) { | ||
| text = text.replace(">", ">"); | ||
| } | ||
| return text; | ||
| return _escape(text, encoding, false); | ||
| } | ||
@@ -391,0 +372,0 @@ |
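Review bot: In the new `_escape`, the `isAttribute` branch escapes only `"`, so the result is safe as an attribute value only while every caller writes attributes inside double quotes; the serializer that emits the quotes is outside this hunk and should be checked. Tab characters are also left untouched, and an XML parser normalizes a literal tab inside an attribute value to a space, so attribute values containing tabs will not round-trip. The `encoding` parameter is accepted by `_escape`, `_escape_attrib` and `_escape_cdata` but never read. I would document the contract above `_escape`, for example `// Attribute output assumes double-quoted values: ' and \t are not escaped; encoding is currently unused.`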
+1
-1
@@ -9,3 +9,3 @@ { | ||
| "description": "XML Serialization and Parsing module based on Python's ElementTree.", | ||
| "version": "0.1.0", | ||
| "version": "0.1.1", | ||
| "keywords": [ "xml", "sax", "parser", "seralization", "elementtree" ], | ||
@@ -12,0 +12,0 @@ "homepage": "https://github.com/racker/node-elementtree", |
+4
-6
@@ -6,10 +6,9 @@ node-elementtree | ||
| Status | ||
| Using the library | ||
| ==================== | ||
| Incomplete. Basics work. Major work ongoing. | ||
| Using library | ||
| ==================== | ||
| Supported XPath expressions in find, findall and findtext methods are listed on [http://effbot.org/zone/element-xpath.htm](http://effbot.org/zone/element-xpath.htm). | ||
| For the usage refer to the Python ElementTree library documentation - [http://effbot.org/zone/element-index.htm#usage](http://effbot.org/zone/element-index.htm#usage). | ||
| Supported XPath expressions in `find`, `findall` and `findtext` methods are listed on [http://effbot.org/zone/element-xpath.htm](http://effbot.org/zone/element-xpath.htm). | ||
| License | ||
@@ -24,2 +23,1 @@ ==================== | ||
| $ npm install elementtree | ||
@@ -199,1 +199,10 @@ /** | ||
| }; | ||
| exports['test_escape'] = function(test, assert) { | ||
| var a = Element('a'); | ||
| var b = SubElement(a, 'b'); | ||
| b.text = '&&&&<>"\n\r'; | ||
| assert.equal(et.tostring(a, { 'xml_declaration': false }), '<a><b>&&&&<>\"

</b></a>'); | ||
| test.finish(); | ||
| }; |
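Review bot: `test_escape` only assigns `b.text`, so it exercises the character-data path and never reaches the `isAttribute` branch of `_escape`; the `"` in the input is expected to come back unescaped. The quote escaping is what keeps a value from terminating its attribute early, so it deserves its own assertion: set an attribute whose value contains `"`, `&`, `<` and a newline, and compare the serialized element against the expected escaped form. A case with a falsy non-string value such as `0` would also pin what the `if (text)` guard returns.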
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package