2019-02-07 11:58:10 -05:00
|
|
|
const log = require('./log');
|
|
|
|
|
2016-09-13 17:51:17 -04:00
|
|
|
/**
|
|
|
|
* Escape a string to be safe to use in XML content.
|
|
|
|
* CC-BY-SA: hgoebl
|
|
|
|
* https://stackoverflow.com/questions/7918868/
|
|
|
|
* how-to-escape-xml-entities-in-javascript
|
2019-02-07 11:58:10 -05:00
|
|
|
* @param {!string | !Array.<string>} unsafe Unsafe string.
|
2016-09-13 17:51:17 -04:00
|
|
|
* @return {string} XML-escaped string, for use within an XML tag.
|
|
|
|
*/
|
2017-04-17 15:10:04 -04:00
|
|
|
const xmlEscape = function (unsafe) {
|
2019-02-07 11:58:10 -05:00
|
|
|
if (typeof unsafe !== 'string') {
|
|
|
|
if (Array.isArray(unsafe)) {
|
|
|
|
// This happens when we have hacked blocks from 2.0
|
|
|
|
// See #1030
|
|
|
|
unsafe = String(unsafe);
|
|
|
|
} else {
|
|
|
|
log.error('Unexpected input recieved in replaceUnsafeChars');
|
|
|
|
return unsafe;
|
|
|
|
}
|
|
|
|
}
|
2017-04-17 15:10:04 -04:00
|
|
|
return unsafe.replace(/[<>&'"]/g, c => {
|
2016-09-13 17:51:17 -04:00
|
|
|
switch (c) {
|
|
|
|
case '<': return '<';
|
|
|
|
case '>': return '>';
|
|
|
|
case '&': return '&';
|
|
|
|
case '\'': return ''';
|
|
|
|
case '"': return '"';
|
|
|
|
}
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
module.exports = xmlEscape;
|