| Server IP : 104.21.80.248 / Your IP : 172.71.28.155 Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586 User : SYSTEM ( 0) PHP Version : 5.6.30 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : E:/Inetpub/www/myschool/triamudom/tuprblearn/lib/yuilib/3.17.2/escape/ |
Upload File : |
/*
YUI 3.17.2 (build 9c3c78e)
Copyright 2014 Yahoo! Inc. All rights reserved.
Licensed under the BSD License.
http://yuilibrary.com/license/
*/
YUI.add('escape', function (Y, NAME) {
/**
Provides utility methods for escaping strings.
@module escape
@class Escape
@static
@since 3.3.0
**/
var HTML_CHARS = {
'&': '&',
'<': '<',
'>': '>',
'"': '"',
"'": ''',
'/': '/',
'`': '`'
},
Escape = {
// -- Public Static Methods ------------------------------------------------
/**
Returns a copy of the specified string with special HTML characters
escaped. The following characters will be converted to their
corresponding character entities:
& < > " ' / `
This implementation is based on the [OWASP HTML escaping
recommendations][1]. In addition to the characters in the OWASP
recommendations, we also escape the <code>`</code> character, since IE
interprets it as an attribute delimiter.
If _string_ is not already a string, it will be coerced to a string.
[1]: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
@method html
@param {String} string String to escape.
@return {String} Escaped string.
@static
**/
html: function (string) {
return (string + '').replace(/[&<>"'\/`]/g, Escape._htmlReplacer);
},
/**
Returns a copy of the specified string with special regular expression
characters escaped, allowing the string to be used safely inside a regex.
The following characters, and all whitespace characters, are escaped:
- $ ^ * ( ) + [ ] { } | \ , . ?
If _string_ is not already a string, it will be coerced to a string.
@method regex
@param {String} string String to escape.
@return {String} Escaped string.
@static
**/
regex: function (string) {
// There's no need to escape !, =, and : since they only have meaning
// when they follow a parenthesized ?, as in (?:...), and we already
// escape parens and question marks.
return (string + '').replace(/[\-$\^*()+\[\]{}|\\,.?\s]/g, '\\$&');
},
// -- Protected Static Methods ---------------------------------------------
/**
* Regex replacer for HTML escaping.
*
* @method _htmlReplacer
* @param {String} match Matched character (must exist in HTML_CHARS).
* @return {String} HTML entity.
* @static
* @protected
*/
_htmlReplacer: function (match) {
return HTML_CHARS[match];
}
};
Escape.regexp = Escape.regex;
Y.Escape = Escape;
}, '3.17.2', {"requires": ["yui-base"]});