Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

slashes

Package Overview
Dependencies
Maintainers
1
Versions
22
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

slashes - npm Package Compare versions

Comparing version 1.0.3 to 1.0.4

2

package.json
{
"name": "slashes",
"version": "1.0.3",
"version": "1.0.4",
"description": "Add or strip backslashes.",

@@ -5,0 +5,0 @@ "main": "slashes.js",

34

README.md

@@ -5,12 +5,36 @@ # slashes

Provides two methods, `add` and `strip` which are identical to PHP's `addslashes` and `stripslashes` functions
Provides two methods, `add` and `strip` which are almost the same as PHP's `addslashes` and `stripslashes` functions
respectively.
The `add` method will prefix backslash (`\`), double quote (`"`), and single quote (`'`) characters with
backslashes. Null (`\0`) characters will be replaced with backslash zero `"\\0"`.
The `add` method will prefix backslash (`\`), double quote (`"`), and single quote (`'`) characters with backslashes.
Null (`\0`) characters will be replaced with backslash zero `"\\0"`, and newline (`\n`) characters will be replaced with
`"\\n"`. The newline replacement differs from PHP because JavaScript has ASI (auto semicolon insertion) at the end of
each line, so a newline in a JavaScript string literal does not preserve the newline character correctly.
The `strip` method replaces all sequences of two characters that start with a backslash, with the second character in
the sequence. There are two caveats. A single non-escaped slash at the end of the string will be removed. Backslash
zero `"\\0"` will become a null (`\0`) character.
the sequence. There are three caveats. A single non-escaped slash at the end of the string will be removed. Backslash
zero `"\\0"` will become a null (`\0`) character. Backslash 'n' `"\\n"` will become a newline (`\n`) character.
The goal of this utility is to make a string safe for concatenation or injection into JavaScript source. The following
snippet would throw an exception.
```js
var foo = "\\bar";
var source = "console.log('" + bar + "');";
eval(source);
```
You might expect that to output `\bar` but instead you will see `ar`, because the source string ends up being
`console.log('\bar');` which is interpreted as starting with an escaped "b" rather than a backslash and then a "b". It
can be fixed using he `add` method.
```js
var foo = "\\bar";
var source = "console.log('" + slashes.add(bar) + "');";
eval(source);
```
Now the source comes out as `console.log('\\bar');` and the output will be `\bar`.
## Install

@@ -17,0 +41,0 @@

6

slashes.js

@@ -10,3 +10,3 @@ "use strict";

--count;
str = str.replace(/[\\'"\0]/g, add_replace);
str = str.replace(/[\\'"\0\n]/g, add_replace);
}

@@ -34,2 +34,4 @@

return "\\0";
} else if (match === "\n") {
return "\\n";
} else {

@@ -44,2 +46,4 @@ return "\\" + match;

return "\0";
} else if (g1 === "n") {
return "\n";
} else {

@@ -46,0 +50,0 @@ return g1;

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc