New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
html-util - npm Package Compare versions
Comparing version 0.1.5 to 0.2.1
@@ -1,11 +0,7 @@ | ||
| var entityCode = require('./entityCode') | ||
| , parse = require('./parse') | ||
| var parse = require('./parse'); | ||
| module.exports = { | ||
| parse: parse | ||
| , escapeHtml: escapeHtml | ||
| , escapeAttribute: escapeAttribute | ||
| , unescapeEntities: unescapeEntities | ||
| , isVoid: isVoid | ||
| , conditionalComment: conditionalComment | ||
| , isConditionalComment: isConditionalComment | ||
| , trimLeading: trimLeading | ||
@@ -15,64 +11,43 @@ , trimText: trimText | ||
| , minify: minify | ||
| } | ||
| }; | ||
| function escapeHtml(value) { | ||
| if (value == null) return '' | ||
| return value | ||
| .toString() | ||
| .replace(/&(?!\s)|</g, function(match) { | ||
| return match === '&' ? '&' : '<' | ||
| }) | ||
| var replaceEntity; | ||
| if (typeof document !== 'undefined') { | ||
| var entityContainer = document.createElement('div'); | ||
| replaceEntity = function(match) { | ||
| // This use of innerHTML is only safe because the entity regular expression | ||
| // is sufficiently restrictive. Doing this with un-validated HTML would | ||
| // potentially introduce vulnerabilities | ||
| entityContainer.innerHTML = match; | ||
| return entityContainer.textContent || entityContainer.innerText; | ||
| }; | ||
| } else { | ||
| // Named character references from: | ||
| // http://www.whatwg.org/specs/web-apps/current-work/multipage/entities.json | ||
| // | ||
| // Only include this reference on the server, since it is a pretty large file, | ||
| // and we can use the browser's parser instead | ||
| var _require = require; | ||
| var entities = _require('./entities.json'); | ||
| replaceEntity = function(match) { | ||
| var named = entities[match]; | ||
| if (named) return named.characters; | ||
| if (match.charAt(1) !== '#') { | ||
| throw new Error('Unrecognized character reference: ' + match); | ||
| } | ||
| var charCode = (match.charAt(2) === 'x' || match.charAt(2) === 'X') ? | ||
| parseInt(match.slice(3, -1), 16) : | ||
| parseInt(match.slice(2, -1), 10); | ||
| return String.fromCharCode(charCode); | ||
| }; | ||
| } | ||
| function escapeAttribute(value) { | ||
| if (value == null || value === '') return '""' | ||
| value = value | ||
| .toString() | ||
| .replace(/&(?!\s)|"/g, function(match) { | ||
| return match === '&' ? '&' : '"' | ||
| }) | ||
| return /[ =<>']/.test(value) ? '"' + value + '"' : value | ||
| } | ||
| // Based on: | ||
| // http://code.google.com/p/jslibs/wiki/JavascriptTips#Escape_and_unescape_HTML_entities | ||
| // http://www.whatwg.org/specs/web-apps/current-work/multipage/syntax.html#character-references | ||
| function unescapeEntities(html) { | ||
| return html.replace(/&([^;]+);/g, function(match, entity) { | ||
| var charCode = entity.charAt(0) === '#' | ||
| ? entity.charAt(1) === 'x' | ||
| ? entity.slice(2, 17) | ||
| : entity.slice(1) | ||
| : entityCode[entity] | ||
| return String.fromCharCode(charCode) | ||
| }) | ||
| return html.replace(/&#?[A-Za-z0-9]+;/g, replaceEntity); | ||
| } | ||
| var voidElement = { | ||
| area: 1 | ||
| , base: 1 | ||
| , br: 1 | ||
| , col: 1 | ||
| , command: 1 | ||
| , embed: 1 | ||
| , hr: 1 | ||
| , img: 1 | ||
| , input: 1 | ||
| , keygen: 1 | ||
| , link: 1 | ||
| , meta: 1 | ||
| , param: 1 | ||
| , source: 1 | ||
| , track: 1 | ||
| , wbr: 1 | ||
| } | ||
| function isVoid(name) { | ||
| return name in voidElement | ||
| } | ||
| // Assume any HTML comment that starts with `<!--[` or ends with `]-->` | ||
| // is a conditional comment. This can also be used to keep comments in | ||
| // minified HTML, such as `<!--[ Copyright John Doe, MIT Licensed ]-->` | ||
| function conditionalComment(tag) { | ||
| function isConditionalComment(tag) { | ||
| return /(?:^<!--\[)|(?:\]-->$)/.test(tag) | ||
@@ -116,3 +91,3 @@ } | ||
| , comment: function(tag) { | ||
| if (conditionalComment(tag)) minified += tag | ||
| if (isConditionalComment(tag)) minified += tag | ||
| } | ||
@@ -119,0 +94,0 @@ , other: function(tag) { |
@@ -20,8 +20,9 @@ var startTag = /^<([^\s=\/!>]+)((?:\s+[^\s=\/>]+(?:\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|[^>\s]+)?)?)*)\s*(\/?)\s*>/ | ||
| , remainder = match[2] | ||
| , selfClosing = !!match[3] | ||
| html = html.slice(tag.length) | ||
| remainder.replace(attr, function(match, name, equals, attr0, attr1, attr2) { | ||
| attrs[name.toLowerCase()] = attr0 || attr1 || attr2 || (equals ? '' : null) | ||
| attrs[name] = attr0 || attr1 || attr2 || (equals ? '' : true) | ||
| }) | ||
| handler(tag, tagName.toLowerCase(), attrs, html) | ||
| handler(tag, tagName, attrs, selfClosing, html) | ||
@@ -110,3 +111,3 @@ return html | ||
| if (match = html.match(endTag)) { | ||
| match[1] = match[1].toLowerCase() // tagName | ||
| match[1] = match[1] // tagName | ||
| html = onTag(html, match, endHandler) | ||
@@ -113,0 +114,0 @@ continue |
@@ -8,3 +8,3 @@ { | ||
| }, | ||
| "version": "0.1.5", | ||
| "version": "0.2.1", | ||
| "main": "./lib/index.js", | ||
@@ -11,0 +11,0 @@ "dependencies": {}, |
New alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by891.92%
157993
- Lines of code
- increased by414.62%
2429
Worsened metrics
- Number of low supply chain risk alerts
- increased byInfinity%
1
- Number of medium supply chain risk alerts
- increased byInfinity%
1
No dependency changes