@codady/utils 0.0.36 → 0.0.38

package/examples/renderTpl.html

@@ -0,0 +1,272 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+
+<head>
+    <meta charset="UTF-8">
+    <title>模板引擎渲染实验场 - 2026 规范重构版</title>
+    <style>
+        :root {
+            --primary: #3498db;
+            --dark: #2c3e50;
+            --bg: #f4f7f9;
+        }
+
+        body {
+            font-family: "PingFang SC", system-ui, sans-serif;
+            line-height: 1.6;
+            max-width: 1100px;
+            margin: 0 auto;
+            padding: 30px;
+            background: var(--bg);
+            color: var(--dark);
+        }
+
+        h1 {
+            border-left: 5px solid var(--primary);
+            padding-left: 15px;
+            font-size: 1.8rem;
+            margin-bottom: 5px;
+        }
+
+        .intro {
+            color: #7f8c8d;
+            margin-bottom: 30px;
+            font-size: 0.95rem;
+        }
+
+        /* 案例卡片样式 */
+        .case-card {
+            background: white;
+            border-radius: 12px;
+            box-shadow: 0 4px 12px rgba(0, 0, 0, 0.08);
+            margin-bottom: 30px;
+            border: 1px solid #e1e8ed;
+            overflow: hidden;
+        }
+
+        .case-header {
+            background: var(--dark);
+            color: white;
+            padding: 12px 20px;
+            font-weight: bold;
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+        }
+
+        .case-body {
+            display: grid;
+            grid-template-columns: 1fr 1fr;
+            gap: 25px;
+            padding: 20px;
+        }
+
+        /* 模块标题 */
+        .section-title {
+            font-size: 0.75rem;
+            color: #95a5a6;
+            text-transform: uppercase;
+            margin-bottom: 10px;
+            font-weight: 700;
+            letter-spacing: 1px;
+            display: flex;
+            align-items: center;
+        }
+
+        .section-title::before {
+            content: "";
+            display: inline-block;
+            width: 4px;
+            height: 12px;
+            background: var(--primary);
+            margin-right: 8px;
+        }
+
+        pre {
+            background: #1e272e;
+            color: #d2dae2;
+            padding: 15px;
+            border-radius: 6px;
+            margin: 0;
+            font-size: 0.85rem;
+            overflow-x: auto;
+            border: 1px solid #000;
+        }
+
+        .output-rendered {
+            border: 1px solid #dcdde1;
+            border-radius: 6px;
+            padding: 15px;
+            background: #fff;
+            min-height: 60px;
+            white-space: pre-wrap;
+            border: 1px solid #dcdde1;
+        }
+
+        .output-source {
+            background: #fff5e6;
+            border: 1px solid #ffeaa7;
+            padding: 15px;
+            border-radius: 6px;
+            font-family: monospace;
+            font-size: 0.85rem;
+            word-break: break-all;
+            color: #d35400;
+        }
+
+        .tag {
+            background: var(--primary);
+            font-size: 0.7rem;
+            padding: 3px 10px;
+            border-radius: 20px;
+        }
+
+        .desc-text {
+            font-size: 0.85rem;
+            color: #57606f;
+            margin-top: 10px;
+            background: #f1f2f6;
+            padding: 8px 12px;
+            border-radius: 4px;
+        }
+
+
+        @media (max-width: 800px) {
+            .case-body {
+                grid-template-columns: 1fr;
+            }
+        }
+    </style>
+</head>
+
+<body>
+
+    <h1>模板引擎渲染实验场</h1>
+    <p class="intro">采用 <code>&lt;script type="text/template"&gt;</code> 方式解耦模板与逻辑，彻底解决编辑器语法报错问题。</p>
+
+    <script type="text/template" id="tpl-basic">
+        用户：{{ user.name }} (ID: {{ user.id }})
+        总分计算：{{ (math.score + math.bonus) * 1.2 }} 分
+    </script>
+
+    <script type="text/template" id="tpl-xss">
+        最新留言：{{ comment }}
+    </script>
+
+    <script type="text/template" id="tpl-logic">
+        {{ if(this.score >= 60) { /}} 
+            <b style="color:green">✅ 状态：考核通过</b> 
+        {{ } else { /}} 
+            <b style="color:red">❌ 状态：需重修</b> 
+        {{ } /}}
+    </script>
+
+    <script type="text/template" id="tpl-attr">
+        <input type="text" value="{{ val }}" title="{{ val }}">
+    </script>
+
+    <script type="text/template" id="tpl-multiline">
+        第一行：{{ line1 }}
+        第二行：{{ line2 }}
+        --- 模板自带多行演示 ---
+        这是模板里的第一行内容
+        这是模板里的第二行内容
+    </script>
+
+    <div id="demo-root"></div>
+
+    <script src="../dist/utils.umd.js"></script>
+
+    <script>
+        /**
+         * 案例配置列表
+         * templateId: 对应上面定义在 HTML 里的 script ID
+         */
+        const cases = [
+            {
+                title: "1. 基础文本与数值运算",
+                desc: "测试简单的变量替换、深层对象访问以及数学表达式运算。",
+                templateId: "tpl-basic",
+                data: {
+                    user: { name: "张三", id: 8801 },
+                    math: { score: 80, bonus: 10 }
+                },
+                opts: {}
+            },
+            {
+                title: "2. 安全防御：防止 XSS 攻击",
+                desc: "展示 'basic' 强度如何转义危险脚本，确保输出结果安全。",
+                templateId: "tpl-xss",
+                data: { comment: "<script>alert('危险')<\/script>你好，这是黑客的问候" },
+                opts: { escape: 'basic' }
+            },
+            {
+                title: "3. 逻辑控制 (if/else)",
+                desc: "使用 / 后缀标识原生 JS 语句。此时 > 符号在 script 标签内不会引发编辑器报错。",
+                templateId: "tpl-logic",
+                data: { score: 85 },
+                opts: { strict: true }
+            },
+            {
+                title: "4. HTML 属性安全保护",
+                desc: "使用 'attribute' 强度处理引号，防止属性被非法闭合。",
+                templateId: "tpl-attr",
+                data: { val: '双引号 " 和单引号 \' 的混合测试' },
+                opts: { escape: 'attribute' }
+            },
+            {
+                title: "6. 多行文本保留测试",
+                desc: "验证 toSingleLine 是否会误删数据中的换行。期望结果：预览中应保持换行。",
+                templateId: "tpl-multiline",
+                data: {
+                    line1: "我是动态数据的第一行",
+                    line2: "我是动态数据的第二行"
+                },
+                opts: {}
+            }
+        ];
+
+        const root = document.getElementById('demo-root');
+
+        cases.forEach(c => {
+            // A. 从 script 标签获取原始模板内容
+            const templateElement = document.getElementById(c.templateId);
+            const rawTemplate = templateElement ? templateElement.innerHTML.trim() : "";
+
+            // B. 执行渲染
+            let result = "";
+            try {
+                result = utils.renderTpl(rawTemplate, c.data, c.opts);
+            } catch (e) {
+                result = "渲染异常：" + e.message;
+            }
+
+            // C. 动态创建 UI
+            const card = document.createElement('div');
+            card.className = 'case-card';
+            card.innerHTML = `
+                <div class="case-header">
+                    <span>${c.title}</span>
+                    <span class="tag">模式: ${c.opts.escape || '不转义'}</span>
+                </div>
+                <div class="case-body">
+                    <div>
+                        <div class="section-title">输入模板与数据</div>
+                        <pre>模板 (来自 #${c.templateId}):\n${rawTemplate}\n\n数据:\n${JSON.stringify(c.data, null, 2)}</pre>
+                        <div class="desc-text">ℹ️ ${c.desc}</div>
+                    </div>
+                    <div>
+                        <div class="section-title">渲染产物 (HTML 源码)</div>
+                        <div class="output-source">${result.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')}</div>
+                        
+                        <div class="section-title" style="margin-top:20px;">浏览器渲染预览</div>
+                        <div class="output-rendered">${result}</div>
+                    </div>
+                </div>
+            `;
+            root.appendChild(card);
+        });
+    </script>
+</body>
+
+</html>

package/modules.js

@@ -1,11 +1,12 @@
 /**
- * Last modified: 2026/01/15 16:57:10
+ * Last modified: 2026/01/16 14:54:20
  */
 'use strict';
 import deepClone from './src/deepClone';
 import deepCloneToJSON from './src/deepCloneToJSON';
 import getDataType from './src/getDataType';
 import wrapArrayMethods from './src/wrapArrayMethods';
+import renderTpl from './src/renderTpl';
 import requireTypes from './src/requireTypes';
 import getUniqueId from './src/getUniqueId';
 import arrayMutableMethods from './src/arrayMutableMethods';
@@ -35,6 +36,11 @@ import typeWriter from './src/typeWriter';
 import parseLLMStream from './src/parseLLMStream';
 import toKebabCase from './src/toKebabCase';
 import trimEmptyLines from './src/trimEmptyLines';
+import decodeHtmlEntities from './src/decodeHtmlEntities';
+import escapeHTML from './src/escapeHTML';
+import escapeRegexMaps from './src/escapeRegexMaps';
+import escapeCharsMaps from './src/escapeCharsMaps';
+import toSingleLine from './src/toSingleLine';
 const utils = {
     //executeStr,
     getDataType,
@@ -72,5 +78,11 @@ const utils = {
     parseLLMStream,
     toKebabCase,
     trimEmptyLines,
+    decodeHtmlEntities,
+    escapeCharsMaps,
+    escapeRegexMaps,
+    escapeHTML,
+    toSingleLine,
+    renderTpl,
 };
 export default utils;

package/modules.ts

@@ -1,5 +1,5 @@
 /**
- * Last modified: 2026/01/15 16:57:10
+ * Last modified: 2026/01/16 14:54:20
  */
 'use strict'
 import deepClone from './src/deepClone';
@@ -43,6 +43,11 @@ import typeWriter from './src/typeWriter';
 import parseLLMStream from './src/parseLLMStream';
 import toKebabCase from './src/toKebabCase';
 import trimEmptyLines from './src/trimEmptyLines';
+import decodeHtmlEntities from './src/decodeHtmlEntities';
+import escapeHTML from './src/escapeHTML';
+import escapeRegexMaps from './src/escapeRegexMaps';
+import escapeCharsMaps from './src/escapeCharsMaps';
+import toSingleLine from './src/toSingleLine';
 
 const utils = {
   //executeStr,
@@ -81,6 +86,12 @@ const utils = {
   parseLLMStream,
   toKebabCase,
   trimEmptyLines,
+  decodeHtmlEntities,
+  escapeCharsMaps,
+  escapeRegexMaps,
+  escapeHTML,
+  toSingleLine,
+  renderTpl,
  
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codady/utils",
-  "version": "0.0.36",
+  "version": "0.0.38",
   "author": "AXUI Development Team",
   "license": "MIT",
   "description": "This is a set of general-purpose JavaScript utility functions developed by the AXUI team. All functions are pure and do not involve CSS or other third-party libraries. They are suitable for any web front-end environment.",

package/src/comma - /345/211/257/346/234/254.js"

@@ -0,0 +1,2 @@
+const COMMA = ',';
+export default COMMA;

package/src/decodeHtmlEntities.js

@@ -0,0 +1,25 @@
+/**
+ * @since Last modified: 2026/01/15 18:55:49
+ * This function decodes HTML entities in a string back to their corresponding characters.
+ * It handles the following entities:
+ *  - '&' -> '&'
+ *  - '&lt;' -> '<'
+ *  - '&gt;' -> '>'
+ *  - '&quot;' -> '"'
+ *  - '&#39;' -> "'"
+ *
+ * This is commonly used to convert HTML-encoded strings back into their original form.
+ *
+ * @param {string} text - The HTML-encoded string that needs to be decoded.
+ * @returns {string} - A new string with HTML entities replaced by their corresponding characters.
+ */
+const decodeHtmlEntities = (text) => {
+    // Check if the input text is empty or undefined
+    if (!text)
+        return '';
+    // Use the browser's built-in method to decode HTML entities by setting the text as innerHTML of a temporary element
+    const textArea = document.createElement('textarea');
+    textArea.innerHTML = text; // The browser will automatically decode the HTML entities
+    return textArea.value; // Get the decoded string from the text area
+};
+export default decodeHtmlEntities;

package/src/decodeHtmlEntities.ts

@@ -0,0 +1,26 @@
+/**
+ * @since Last modified: 2026/01/15 18:55:49
+ * This function decodes HTML entities in a string back to their corresponding characters.
+ * It handles the following entities:
+ *  - '&' -> '&'
+ *  - '&lt;' -> '<'
+ *  - '&gt;' -> '>'
+ *  - '&quot;' -> '"'
+ *  - '&#39;' -> "'"
+ *
+ * This is commonly used to convert HTML-encoded strings back into their original form.
+ *
+ * @param {string} text - The HTML-encoded string that needs to be decoded.
+ * @returns {string} - A new string with HTML entities replaced by their corresponding characters.
+ */
+const decodeHtmlEntities = (text: string): string => {
+  // Check if the input text is empty or undefined
+  if (!text) return '';
+
+  // Use the browser's built-in method to decode HTML entities by setting the text as innerHTML of a temporary element
+  const textArea = document.createElement('textarea');
+  textArea.innerHTML = text; // The browser will automatically decode the HTML entities
+  return textArea.value; // Get the decoded string from the text area
+}
+
+export default decodeHtmlEntities;

package/src/escapeCharsMaps.js

@@ -0,0 +1,73 @@
+/**
+ * @since Last modified: 2026/01/16 14:49:39
+ * escapeCharsMaps
+ * A collection of character escape mappings for different contexts in HTML and URI encoding.
+ *
+ * This object provides a set of character replacement mappings for use in different contexts such as:
+ * - `basic`: For basic HTML encoding (useful for preventing basic HTML injection).
+ * - `attribute`: For encoding characters within HTML attributes (useful for attributes like `src`, `href`).
+ * - `content`: For encoding characters within HTML content (useful for preventing XSS).
+ * - `uri`: For encoding characters in URIs (useful in attributes like `href` or `src`).
+ * - `paranoid`: A very strict escape for all potentially dangerous characters (useful for paranoid security contexts).
+ *
+ */
+const escapeCharsMaps = {
+    //code或pre标签中代码高亮是使用basic
+    basic: {
+        '&': '&',
+        '<': '&lt;',
+        '>': '&gt;',
+    },
+    //需要用在标签属性上attribute
+    attribute: {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&apos;',
+        '`': '&#x60;',
+    },
+    //html中的正文内容使用content
+    content: {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&apos;',
+        '/': '&#x2F;',
+    },
+    //用于url链接则使用uri
+    uri: {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&apos;',
+        '(': '&#40;',
+        ')': '&#41;',
+        '[': '&#91;',
+        ']': '&#93;',
+    },
+    //极致转意，避免任何注入或非法代码
+    paranoid: {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&apos;',
+        '`': '&#x60;',
+        '/': '&#x2F;',
+        '=': '&#x3D;',
+        '!': '&#x21;',
+        '#': '&#x23;',
+        '(': '&#40;',
+        ')': '&#41;',
+        '[': '&#91;',
+        ']': '&#93;',
+        '{': '&#x7B;',
+        '}': '&#x7D;',
+        ':': '&#x3A;',
+        ';': '&#x3B;',
+    },
+};
+export default escapeCharsMaps;

package/src/escapeCharsMaps.ts

@@ -0,0 +1,74 @@
+/**
+ * @since Last modified: 2026/01/16 14:49:39
+ * escapeCharsMaps
+ * A collection of character escape mappings for different contexts in HTML and URI encoding.
+ *
+ * This object provides a set of character replacement mappings for use in different contexts such as:
+ * - `basic`: For basic HTML encoding (useful for preventing basic HTML injection).
+ * - `attribute`: For encoding characters within HTML attributes (useful for attributes like `src`, `href`).
+ * - `content`: For encoding characters within HTML content (useful for preventing XSS).
+ * - `uri`: For encoding characters in URIs (useful in attributes like `href` or `src`).
+ * - `paranoid`: A very strict escape for all potentially dangerous characters (useful for paranoid security contexts).
+ * 
+ */
+
+const escapeCharsMaps : Record<string, Record<string, string>> = {
+    //code或pre标签中代码高亮是使用basic
+    basic: {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+    },
+    //需要用在标签属性上attribute
+    attribute: {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&apos;',
+        '`': '&#x60;',
+    },
+    //html中的正文内容使用content
+    content: {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&apos;',
+        '/': '&#x2F;',
+    },
+    //用于url链接则使用uri
+    uri: {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&apos;',
+        '(': '&#40;',
+        ')': '&#41;',
+        '[': '&#91;',
+        ']': '&#93;',
+    },
+    //极致转意，避免任何注入或非法代码
+    paranoid: {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&apos;',
+        '`': '&#x60;',
+        '/': '&#x2F;',
+        '=': '&#x3D;',
+        '!': '&#x21;',
+        '#': '&#x23;',
+        '(': '&#40;',
+        ')': '&#41;',
+        '[': '&#91;',
+        ']': '&#93;',
+        '{': '&#x7B;',
+        '}': '&#x7D;',
+        ':': '&#x3A;',
+        ';': '&#x3B;',
+    },
+};
+export default escapeCharsMaps;

package/src/escapeHTML.js

@@ -1,29 +1,27 @@
 /**
+ * @since Last modified: 2026/01/16 14:47:26
  * @function escapeHTML
- * @description Escapes HTML characters in a string to prevent XSS attacks.
- * This function replaces special characters such as <, >, &, ", ', etc. with their corresponding HTML entities.
- *
- * @param {string} str - The input string to be escaped.
- * @returns {string} - The escaped string with special HTML characters replaced by HTML entities.
- *
- * @example
- * escapeHTML("<div>Hello & 'world'</div>");
- * // returns "&lt;div&gt;Hello &amp; &#39;world&#39;&lt;/div&gt;"
+* Escapes special characters in a string to prevent Cross-Site Scripting (XSS) attacks.
+ * * @param str - The raw string to be escaped.
+ * @param context - The context where the escaped string will be placed.
+ * Defaults to 'basic'.
+ * @returns The escaped string safe for the specified HTML context.
+ * * @example
+ * // Basic usage (HTML Body)
+ * escapeHTML('<script>', 'basic'); // "&lt;script&gt;"
+ * * @example
+ * // Attribute usage (e.g., <input value="...">)
+ * escapeHTML('value" onmouseover="alert(1)', 'attribute');
  */
-export const escapeHTML = (str) => {
-    // Mapping of HTML special characters to their corresponding HTML entities
-    const escapes = {
-        '&': '&amp;',
-        '<': '&lt;',
-        '>': '&gt;',
-        '"': '&quot;',
-        "'": '&#39;',
-        '`': '&#96;',
-        '=': '&#61;',
-        '/': '&#47;'
-    };
-    // Replace each special character in the input string with its corresponding HTML entity
-    return str.replace(/[&<>"'`=\/]/g, (match) => {
-        return escapes[match];
-    });
+import escapeCharsMaps from "./escapeCharsMaps";
+import escapeRegexMaps from "./escapeRegexMaps";
+const escapeHTML = (str, strength = 'attribute') => {
+    // Return empty string if input is null, undefined, or not a string
+    if (typeof str !== 'string')
+        return '';
+    const map = escapeCharsMaps[strength], regex = escapeRegexMaps[strength];
+    // Use String.prototype.replace with a global regex.
+    // The callback function retrieves the replacement from the map using the matched character as key.
+    return str.replace(regex, (match) => map[match]);
 };
+export default escapeHTML;

package/src/escapeHTML.ts

@@ -1,30 +1,34 @@
 /**
+ * @since Last modified: 2026/01/16 14:47:26
  * @function escapeHTML
- * @description Escapes HTML characters in a string to prevent XSS attacks.
- * This function replaces special characters such as <, >, &, ", ', etc. with their corresponding HTML entities.
- * 
- * @param {string} str - The input string to be escaped.
- * @returns {string} - The escaped string with special HTML characters replaced by HTML entities.
- * 
- * @example
- * escapeHTML("<div>Hello & 'world'</div>"); 
- * // returns "&lt;div&gt;Hello &amp; &#39;world&#39;&lt;/div&gt;"
+* Escapes special characters in a string to prevent Cross-Site Scripting (XSS) attacks.
+ * * @param str - The raw string to be escaped.
+ * @param context - The context where the escaped string will be placed. 
+ * Defaults to 'basic'.
+ * @returns The escaped string safe for the specified HTML context.
+ * * @example
+ * // Basic usage (HTML Body)
+ * escapeHTML('<script>', 'basic'); // "&lt;script&gt;"
+ * * @example
+ * // Attribute usage (e.g., <input value="...">)
+ * escapeHTML('value" onmouseover="alert(1)', 'attribute');
  */
-export const escapeHTML = (str: string): string => {
-    // Mapping of HTML special characters to their corresponding HTML entities
-    const escapes: { [key: string]: string } = {
-        '&': '&amp;',
-        '<': '&lt;',
-        '>': '&gt;',
-        '"': '&quot;',
-        "'": '&#39;',
-        '`': '&#96;',
-        '=': '&#61;',
-        '/': '&#47;'
-    };
+import escapeCharsMaps from "./escapeCharsMaps";
+import escapeRegexMaps from "./escapeRegexMaps";
 
-    // Replace each special character in the input string with its corresponding HTML entity
-    return str.replace(/[&<>"'`=\/]/g, (match) => {
-        return escapes[match];
-    });
+export type EscapeStrength = 'basic' | 'attribute' | 'content' | 'uri' | 'paranoid';
+
+const escapeHTML = (
+    str: string,
+    strength: EscapeStrength = 'attribute'
+): string => {
+    // Return empty string if input is null, undefined, or not a string
+    if (typeof str !== 'string') return '';
+
+    const map = escapeCharsMaps[strength],
+        regex = escapeRegexMaps[strength];
+    // Use String.prototype.replace with a global regex.
+    // The callback function retrieves the replacement from the map using the matched character as key.
+    return str.replace(regex, (match) => map[match]);
 };
+export default escapeHTML;