escape-html - npm Package Compare versions

Comparing version 1.0.2 to 1.0.3

index.js

 /*!
  * escape-html
  * Copyright(c) 2012-2013 TJ Holowaychuk
+ * Copyright(c) 2015 Andreas Lubbe
+ * Copyright(c) 2015 Tiancheng "Timothy" Gu
  * MIT Licensed
  */
 
+'use strict';
+
 /**
+ * Module variables.
+ * @private
+ */
+
+var matchHtmlRegExp = /["'&<>]/;
+
+/**
  * Module exports.
@@ -17,3 +28,3 @@ * @public
  *
- * @param  {string} str The string to escape for inserting into HTML
+ * @param  {string} string The string to escape for inserting into HTML
  * @return {string}
@@ -23,9 +34,47 @@ * @public
 
-function escapeHtml(html) {
-  return String(html)
-    .replace(/&/g, '&amp;')
-    .replace(/"/g, '&quot;')
-    .replace(/'/g, '&#39;')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;');
+function escapeHtml(string) {
+  var str = '' + string;
+  var match = matchHtmlRegExp.exec(str);
+
+  if (!match) {
+    return str;
+  }
+
+  var escape;
+  var html = '';
+  var index = 0;
+  var lastIndex = 0;
+
+  for (index = match.index; index < str.length; index++) {
+    switch (str.charCodeAt(index)) {
+      case 34: // "
+        escape = '&quot;';
+        break;
+      case 38: // &
+        escape = '&amp;';
+        break;
+      case 39: // '
+        escape = '&#39;';
+        break;
+      case 60: // <
+        escape = '&lt;';
+        break;
+      case 62: // >
+        escape = '&gt;';
+        break;
+      default:
+        continue;
+    }
+
+    if (lastIndex !== index) {
+      html += str.substring(lastIndex, index);
+    }
+
+    lastIndex = index + 1;
+    html += escape;
+  }
+
+  return lastIndex !== index
+    ? html + str.substring(lastIndex, index)
+    : html;
 }

package.json

 {
   "name": "escape-html",
-  "description": "Escape HTML entities",
-  "version": "1.0.2",
+  "description": "Escape string for use in HTML",
+  "version": "1.0.3",
   "license": "MIT",
@@ -12,2 +12,6 @@ "keywords": [
   "repository": "component/escape-html",
+  "devDependencies": {
+    "benchmark": "1.0.0",
+    "beautify-benchmark": "0.2.4"
+  },
   "files": [
@@ -17,3 +21,6 @@ "LICENSE",
     "index.js"
-  ]
+  ],
+  "scripts": {
+    "bench": "node benchmark/index.js"
+  }
 }

Readme.md

 
 # escape-html
 
-  Escape HTML entities
+  Escape string for use in HTML
 
@@ -10,7 +10,35 @@ ## Example
 var escape = require('escape-html');
-escape(str);
+var html = escape('foo & bar');
+// -> foo & bar
 ```
 
+## Benchmark
+
+```
+$ npm run-script bench
+
+> escape-html@1.0.3 bench nodejs-escape-html
+> node benchmark/index.js
+
+
+  http_parser@1.0
+  node@0.10.33
+  v8@3.14.5.9
+  ares@1.9.0-DEV
+  uv@0.10.29
+  zlib@1.2.3
+  modules@11
+  openssl@1.0.1j
+
+  1 test completed.
+  2 tests completed.
+  3 tests completed.
+
+  no special characters    x 19,435,271 ops/sec ±0.85% (187 runs sampled)
+  single special character x  6,132,421 ops/sec ±0.67% (194 runs sampled)
+  many special characters  x  3,175,826 ops/sec ±0.65% (193 runs sampled)
+```
+
 ## License
 
   MIT

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

No tests

Quality

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3660

increased by82.82%

Lines of code

65

increased by160%

Number of low quality alerts

0

decreased by-100%

Number of lines in readme file

43

increased by186.67%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dev dependency count

2

increased byInfinity%

No dependency changes