fast-xml-parser
Advanced tools
+3
-0
| <small>Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.</small> | ||
| **4.5.5 / 2026-07-02** | ||
| - fix: escape comment and CDATA delimiters when building XML (By [greymoth](https://github.com/greymoth-jp)) | ||
| **4.5.4 / 2026-02-26** | ||
@@ -4,0 +7,0 @@ - support strictReservedNames |
+2
-2
| { | ||
| "name": "fast-xml-parser", | ||
| "version": "4.5.6", | ||
| "version": "4.5.7", | ||
| "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", | ||
@@ -71,2 +71,2 @@ "main": "./src/fxp.js", | ||
| } | ||
| } | ||
| } |
@@ -209,3 +209,6 @@ 'use strict'; | ||
| } else if (this.options.commentPropName !== false && key === this.options.commentPropName && piClosingChar.length === 0) { | ||
| return this.indentate(level) + `<!--${val}-->` + this.newLine; | ||
| const safeVal = String(val) | ||
| .replace(/--/g, '- -') // -- is illegal anywhere in comment content | ||
| .replace(/-$/, '- '); // trailing - would form --> with the closing delimiter | ||
| return this.indentate(level) + `<!--${safeVal}-->` + this.newLine; | ||
| }else { | ||
@@ -246,5 +249,9 @@ return ( | ||
| if (this.options.cdataPropName !== false && key === this.options.cdataPropName) { | ||
| return this.indentate(level) + `<![CDATA[${val}]]>` + this.newLine; | ||
| const safeVal = String(val).replace(/\]\]>/g, ']]]]><![CDATA[>'); | ||
| return this.indentate(level) + `<![CDATA[${safeVal}]]>` + this.newLine; | ||
| }else if (this.options.commentPropName !== false && key === this.options.commentPropName) { | ||
| return this.indentate(level) + `<!--${val}-->` + this.newLine; | ||
| const safeVal = String(val) | ||
| .replace(/--/g, '- -') // -- is illegal anywhere in comment content | ||
| .replace(/-$/, '- '); // trailing - would form --> with the closing delimiter | ||
| return this.indentate(level) + `<!--${safeVal}-->` + this.newLine; | ||
| }else if(key[0] === "?") {//PI tag | ||
@@ -251,0 +258,0 @@ return this.indentate(level) + '<' + key + attrStr+ '?' + this.tagEndChar; |
@@ -57,7 +57,11 @@ const EOL = "\n"; | ||
| } | ||
| xmlStr += `<![CDATA[${tagObj[tagName][0][options.textNodeName]}]]>`; | ||
| const cdataVal = String(tagObj[tagName][0][options.textNodeName]).replace(/\]\]>/g, ']]]]><![CDATA[>'); | ||
| xmlStr += `<![CDATA[${cdataVal}]]>`; | ||
| isPreviousElementTag = false; | ||
| continue; | ||
| } else if (tagName === options.commentPropName) { | ||
| xmlStr += indentation + `<!--${tagObj[tagName][0][options.textNodeName]}-->`; | ||
| const commentVal = String(tagObj[tagName][0][options.textNodeName]) | ||
| .replace(/--/g, '- -') // -- is illegal anywhere in comment content | ||
| .replace(/-$/, '- '); // trailing - would form --> with the closing delimiter | ||
| xmlStr += indentation + `<!--${commentVal}-->`; | ||
| isPreviousElementTag = true; | ||
@@ -64,0 +68,0 @@ continue; |
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 2 instances
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 2 instances
197778
0.47%4535
0.24%