escape-html
Comparing version 1.0.2 to 1.0.3
index.js
/*! | ||
* escape-html | ||
* Copyright(c) 2012-2013 TJ Holowaychuk | ||
* Copyright(c) 2015 Andreas Lubbe | ||
* Copyright(c) 2015 Tiancheng "Timothy" Gu | ||
* MIT Licensed | ||
*/ | ||
'use strict'; | ||
/** | ||
* Module variables. | ||
* @private | ||
*/ | ||
var matchHtmlRegExp = /["'&<>]/; | ||
/** | ||
* Module exports. | ||
@@ -17,3 +28,3 @@ * @public | ||
* | ||
* @param {string} str The string to escape for inserting into HTML | ||
* @param {string} string The string to escape for inserting into HTML | ||
* @return {string} | ||
@@ -23,9 +34,47 @@ * @public | ||
function escapeHtml(html) { | ||
return String(html) | ||
.replace(/&/g, '&') | ||
.replace(/"/g, '"') | ||
.replace(/'/g, ''') | ||
.replace(/</g, '<') | ||
.replace(/>/g, '>'); | ||
function escapeHtml(string) { | ||
var str = '' + string; | ||
var match = matchHtmlRegExp.exec(str); | ||
if (!match) { | ||
return str; | ||
} | ||
var escape; | ||
var html = ''; | ||
var index = 0; | ||
var lastIndex = 0; | ||
for (index = match.index; index < str.length; index++) { | ||
switch (str.charCodeAt(index)) { | ||
case 34: // " | ||
escape = '"'; | ||
break; | ||
case 38: // & | ||
escape = '&'; | ||
break; | ||
case 39: // ' | ||
escape = '''; | ||
break; | ||
case 60: // < | ||
escape = '<'; | ||
break; | ||
case 62: // > | ||
escape = '>'; | ||
break; | ||
default: | ||
continue; | ||
} | ||
if (lastIndex !== index) { | ||
html += str.substring(lastIndex, index); | ||
} | ||
lastIndex = index + 1; | ||
html += escape; | ||
} | ||
return lastIndex !== index | ||
? html + str.substring(lastIndex, index) | ||
: html; | ||
} |
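Review bot: The JSDoc on `escapeHtml` still says only "for inserting into HTML", but the five characters handled in the `switch` (`"`, `&`, `'`, `<`, `>`) cover element text and quoted attribute values, not unquoted attributes, `<script>`/`<style>` bodies, or URL and event-handler attributes. I would add a line to the doc block such as `* Output is safe in element content and quoted attribute values only.` so callers do not rely on it in other contexts. Separately, `'' + string` replaces `String(html)`, so a Symbol argument now throws a TypeError and objects are converted through `valueOf` before `toString`; that is worth a changelog entry in a patch release. The replacement literals display here as the raw characters, which looks like entity decoding by the page renderer rather than the shipped code, so confirm them against the published tarball.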
{ | ||
"name": "escape-html", | ||
"description": "Escape HTML entities", | ||
"version": "1.0.2", | ||
"description": "Escape string for use in HTML", | ||
"version": "1.0.3", | ||
"license": "MIT", | ||
@@ -12,2 +12,6 @@ "keywords": [ | ||
"repository": "component/escape-html", | ||
"devDependencies": { | ||
"benchmark": "1.0.0", | ||
"beautify-benchmark": "0.2.4" | ||
}, | ||
"files": [ | ||
@@ -17,3 +21,6 @@ "LICENSE", | ||
"index.js" | ||
] | ||
], | ||
"scripts": { | ||
"bench": "node benchmark/index.js" | ||
} | ||
} |
# escape-html | ||
Escape HTML entities | ||
Escape string for use in HTML | ||
@@ -10,7 +10,35 @@ ## Example | ||
var escape = require('escape-html'); | ||
escape(str); | ||
var html = escape('foo & bar'); | ||
// -> foo & bar | ||
``` | ||
## Benchmark | ||
``` | ||
$ npm run-script bench | ||
> escape-html@1.0.3 bench nodejs-escape-html | ||
> node benchmark/index.js | ||
http_parser@1.0 | ||
node@0.10.33 | ||
v8@3.14.5.9 | ||
ares@1.9.0-DEV | ||
uv@0.10.29 | ||
zlib@1.2.3 | ||
modules@11 | ||
openssl@1.0.1j | ||
1 test completed. | ||
2 tests completed. | ||
3 tests completed. | ||
no special characters x 19,435,271 ops/sec ±0.85% (187 runs sampled) | ||
single special character x 6,132,421 ops/sec ±0.67% (194 runs sampled) | ||
many special characters x 3,175,826 ops/sec ±0.65% (193 runs sampled) | ||
``` | ||
## License | ||
MIT |
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No tests
Quality: Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.
Found 1 instance in 1 package