diff options
Diffstat (limited to 'node_modules/escape-goat')
| -rw-r--r-- | node_modules/escape-goat/index.d.ts | 62 | ||||
| -rw-r--r-- | node_modules/escape-goat/index.js | 33 | ||||
| -rw-r--r-- | node_modules/escape-goat/license | 9 | ||||
| -rw-r--r-- | node_modules/escape-goat/package.json | 45 | ||||
| -rw-r--r-- | node_modules/escape-goat/readme.md | 76 |
5 files changed, 225 insertions, 0 deletions
diff --git a/node_modules/escape-goat/index.d.ts b/node_modules/escape-goat/index.d.ts new file mode 100644 index 0000000..4f46024 --- /dev/null +++ b/node_modules/escape-goat/index.d.ts @@ -0,0 +1,62 @@ +/** +Escape a string for use in HTML. + +Escapes the following characters in the given `string` argument: `&` `<` `>` `"` `'`. + +@example +``` +import {htmlEscape} from 'escape-goat'; + +htmlEscape('🦄 & 🐐'); +//=> '🦄 & 🐐' + +htmlEscape('Hello <em>World</em>'); +//=> 'Hello <em>World</em>' +``` +*/ +export function htmlEscape(string: string): string; + +/** +Unescape an HTML string to use as a plain string. + +Unescapes the following HTML entities in the given `htmlString` argument: `&` `<` `>` `"` `'`. + +@example +``` +import {htmlUnescape} from 'escape-goat'; + +htmlUnescape('🦄 & 🐐'); +//=> '🦄 & 🐐' +``` +*/ +export function htmlUnescape(htmlString: string): string; + +/** +[Tagged template literal](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Template_literals#Tagged_template_literals) that escapes interpolated values. + +@example +``` +import {htmlEscapeTag} from 'escape-goat'; + +const url = 'https://sindresorhus.com?x="🦄"'; + +htmlEscapeTag`<a href="${url}">Unicorn</a>`; +//=> '<a href="https://sindresorhus.com?x="🦄"">Unicorn</a>' +``` +*/ +export function htmlEscapeTag(template: TemplateStringsArray, ...substitutions: readonly unknown[]): string; + +/** +[Tagged template literal](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Template_literals#Tagged_template_literals) that unescapes interpolated values. + +@example +``` +import {htmlUnescapeTag} from 'escape-goat'; + +const escapedUrl = 'https://sindresorhus.com?x="🦄"'; + +htmlUnescapeTag`URL from HTML: ${url}`; +//=> 'URL from HTML: https://sindresorhus.com?x="🦄"' +``` +*/ +export function htmlUnescapeTag(template: TemplateStringsArray, ...substitutions: readonly unknown[]): string; diff --git a/node_modules/escape-goat/index.js b/node_modules/escape-goat/index.js new file mode 100644 index 0000000..0960d55 --- /dev/null +++ b/node_modules/escape-goat/index.js @@ -0,0 +1,33 @@ +'use strict'; + +exports.htmlEscape = string => string + .replace(/&/g, '&') + .replace(/"/g, '"') + .replace(/'/g, ''') + .replace(/</g, '<') + .replace(/>/g, '>'); + +exports.htmlUnescape = htmlString => htmlString + .replace(/>/g, '>') + .replace(/</g, '<') + .replace(/�?39;/g, '\'') + .replace(/"/g, '"') + .replace(/&/g, '&'); + +exports.htmlEscapeTag = (strings, ...values) => { + let output = strings[0]; + for (let i = 0; i < values.length; i++) { + output = output + exports.htmlEscape(String(values[i])) + strings[i + 1]; + } + + return output; +}; + +exports.htmlUnescapeTag = (strings, ...values) => { + let output = strings[0]; + for (let i = 0; i < values.length; i++) { + output = output + exports.htmlUnescape(String(values[i])) + strings[i + 1]; + } + + return output; +}; diff --git a/node_modules/escape-goat/license b/node_modules/escape-goat/license new file mode 100644 index 0000000..e7af2f7 --- /dev/null +++ b/node_modules/escape-goat/license @@ -0,0 +1,9 @@ +MIT License + +Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/node_modules/escape-goat/package.json b/node_modules/escape-goat/package.json new file mode 100644 index 0000000..84803d2 --- /dev/null +++ b/node_modules/escape-goat/package.json @@ -0,0 +1,45 @@ +{ + "name": "escape-goat", + "version": "2.1.1", + "description": "Escape a string for use in HTML or the inverse", + "license": "MIT", + "repository": "sindresorhus/escape-goat", + "author": { + "name": "Sindre Sorhus", + "email": "sindresorhus@gmail.com", + "url": "sindresorhus.com" + }, + "engines": { + "node": ">=8" + }, + "scripts": { + "test": "xo && ava && tsd" + }, + "files": [ + "index.js", + "index.d.ts" + ], + "keywords": [ + "escape", + "unescape", + "html", + "entity", + "entities", + "escaping", + "sanitize", + "sanitization", + "utility", + "template", + "attribute", + "value", + "interpolate", + "xss", + "goat", + "🐐" + ], + "devDependencies": { + "ava": "^1.4.1", + "tsd": "^0.7.2", + "xo": "^0.24.0" + } +} diff --git a/node_modules/escape-goat/readme.md b/node_modules/escape-goat/readme.md new file mode 100644 index 0000000..56f33d3 --- /dev/null +++ b/node_modules/escape-goat/readme.md @@ -0,0 +1,76 @@ +<h1> + <img src="logo.jpg" width="1280" alt="escape-goat"> +</h1> + +> Escape a string for use in HTML or the inverse + +[](https://travis-ci.org/sindresorhus/escape-goat) + + +## Install + +``` +$ npm install escape-goat +``` + + +## Usage + +```js +const {htmlEscape, htmlUnescape, htmlEscapeTag, htmlUnescapeTag} = require('escape-goat'); + +htmlEscape('🦄 & 🐐'); +//=> '🦄 & 🐐' + +htmlUnescape('🦄 & 🐐'); +//=> '🦄 & 🐐' + +htmlEscape('Hello <em>World</em>'); +//=> 'Hello <em>World</em>' + +const url = 'https://sindresorhus.com?x="🦄"'; + +htmlEscapeTag`<a href="${url}">Unicorn</a>`; +//=> '<a href="https://sindresorhus.com?x="🦄"">Unicorn</a>' + +const escapedUrl = 'https://sindresorhus.com?x="🦄"'; + +htmlUnescapeTag`URL from HTML: ${url}`; +//=> 'URL from HTML: https://sindresorhus.com?x="🦄"' +``` + + +## API + +### htmlEscape(string) + +Escapes the following characters in the given `string` argument: `&` `<` `>` `"` `'` + +### htmlUnescape(htmlString) + +Unescapes the following HTML entities in the given `htmlString` argument: `&` `<` `>` `"` `'` + +### htmlEscapeTag + +[Tagged template literal](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Template_literals#Tagged_template_literals) that escapes interpolated values. + +### htmlUnescapeTag + +[Tagged template literal](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Template_literals#Tagged_template_literals) that unescapes interpolated values. + + +## Tip + +Ensure you always quote your HTML attributes to prevent possible [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting). + + +## FAQ + +### Why yet another HTML escaping package? + +I couldn't find one I liked that was tiny, well-tested, and had both `.escape()` and `.unescape()`. + + +## License + +MIT © [Sindre Sorhus](https://sindresorhus.com) |