Changeset - 74ec3a3bfdc7
[Not reviewed]
default
0 1 0
Mads Kiilerich - 7 years ago 2019-02-11 21:36:13
mads@kiilerich.com
js: introduce an html_escape function

In analogy to (python) kallithea.lib.helpers.html_escape, introduce the
equivalent for use in JavaScript.
1 file changed with 24 insertions and 0 deletions:
kallithea/public/js/base.js
 
@@ -8,6 +8,30 @@ if (typeof console == "undefined" || typ
 
}
 

	
 
/**
 
 * INJECT .html_escape function into String
 
 * Usage: "unsafe string".html_escape()
 
 *
 
 * This is the Javascript equivalent of kallithea.lib.helpers.html_escape(). It
 
 * will escape HTML characters to prevent XSS or other issues.  It should be
 
 * used in all cases where Javascript code is inserting potentially unsafe data
 
 * into the document.
 
 *
 
 * For example:
 
 *      <script>confirm("boo")</script>
 
 * is changed into:
 
 *      &lt;script&gt;confirm(&quot;boo&quot;)&lt;/script&gt;
 
 *
 
 */
 
String.prototype.html_escape = function() {
 
    return this
 
        .replace(/&/g,'&amp;')
 
        .replace(/</g,'&lt;')
 
        .replace(/>/g,'&gt;')
 
        .replace(/"/g, '&quot;')
 
        .replace(/'/g, '&#039;');
 
}
 

	
 
/**
 
 * INJECT .format function into String
 
 * Usage: "My name is {0} {1}".format("Johny","Bravo")
 
 * Return "My name is Johny Bravo"
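Review bot: The doc comment above `String.prototype.html_escape` says the function should be used in all cases where JavaScript inserts potentially unsafe data into the document, but the five replacements only neutralise data placed in HTML text content or inside a quoted attribute value. The escaped output is still not safe inside a `<script>` block, an inline event-handler attribute, a URL attribute such as `href`, or an unquoted attribute. The comment should state that limit, for example ` * Only safe for HTML text and quoted attribute values; not for script, event-handler, URL or unquoted-attribute contexts.` As a style point, the function expression is closed with a bare `}`; writing `};` would avoid relying on automatic semicolon insertion.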