@naturalcycles/js-lib 15.76.1 → 15.77.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/string/escape.d.ts +2 -1
- package/dist/string/escape.js +0 -1
- package/dist/types.d.ts +4 -0
- package/package.json +1 -1
- package/src/string/escape.ts +6 -4
- package/src/types.ts +5 -0
package/dist/string/escape.d.ts
CHANGED
|
@@ -1,2 +1,3 @@
|
|
|
1
|
-
|
|
1
|
+
import type { SafeHtml } from '../types.js';
|
|
2
|
+
export declare function htmlEscape(strings: string | TemplateStringsArray, ...values: any[]): SafeHtml;
|
|
2
3
|
export declare function htmlUnescape(strings: string | TemplateStringsArray, ...values: any[]): string;
|
package/dist/string/escape.js
CHANGED
package/dist/types.d.ts
CHANGED
|
@@ -276,6 +276,10 @@ export type Base64UrlString = string;
|
|
|
276
276
|
export type JWTString = string;
|
|
277
277
|
export declare const JWT_REGEX: RegExp;
|
|
278
278
|
export type SemVerString = string;
|
|
279
|
+
/**
|
|
280
|
+
* HTML string that was safely escaped/sanitized.
|
|
281
|
+
*/
|
|
282
|
+
export type SafeHtml = Branded<string, 'SafeHtml'>;
|
|
279
283
|
/**
|
|
280
284
|
* Named type for JSON.parse / JSON.stringify second argument
|
|
281
285
|
*/
|
package/package.json
CHANGED
package/src/string/escape.ts
CHANGED
|
@@ -12,13 +12,15 @@ Reasons:
|
|
|
12
12
|
*/
|
|
13
13
|
|
|
14
14
|
// Multiple `.replace()` calls are actually faster than using replacer functions
|
|
15
|
-
|
|
15
|
+
import type { SafeHtml } from '../types.js'
|
|
16
|
+
|
|
17
|
+
function _htmlEscape(s: string): SafeHtml {
|
|
16
18
|
return s
|
|
17
19
|
.replaceAll('&', '&') // Must happen first or else it will escape other just-escaped characters.
|
|
18
20
|
.replaceAll('"', '"')
|
|
19
21
|
.replaceAll("'", ''')
|
|
20
22
|
.replaceAll('<', '<')
|
|
21
|
-
.replaceAll('>', '>')
|
|
23
|
+
.replaceAll('>', '>') as SafeHtml
|
|
22
24
|
}
|
|
23
25
|
|
|
24
26
|
function _htmlUnescape(html: string): string {
|
|
@@ -30,7 +32,7 @@ function _htmlUnescape(html: string): string {
|
|
|
30
32
|
.replaceAll('&', '&') // Must happen last or else it will unescape other characters in the wrong order.
|
|
31
33
|
}
|
|
32
34
|
|
|
33
|
-
export function htmlEscape(strings: string | TemplateStringsArray, ...values: any[]):
|
|
35
|
+
export function htmlEscape(strings: string | TemplateStringsArray, ...values: any[]): SafeHtml {
|
|
34
36
|
if (typeof strings === 'string') {
|
|
35
37
|
return _htmlEscape(strings)
|
|
36
38
|
}
|
|
@@ -40,7 +42,7 @@ export function htmlEscape(strings: string | TemplateStringsArray, ...values: an
|
|
|
40
42
|
output = output + _htmlEscape(String(value)) + strings[index + 1]
|
|
41
43
|
}
|
|
42
44
|
|
|
43
|
-
return output
|
|
45
|
+
return output as SafeHtml
|
|
44
46
|
}
|
|
45
47
|
|
|
46
48
|
export function htmlUnescape(strings: string | TemplateStringsArray, ...values: any[]): string {
|
package/src/types.ts
CHANGED
|
@@ -347,6 +347,11 @@ export const JWT_REGEX = /^[\w-]+\.[\w-]+\.[\w-]+$/
|
|
|
347
347
|
|
|
348
348
|
export type SemVerString = string
|
|
349
349
|
|
|
350
|
+
/**
|
|
351
|
+
* HTML string that was safely escaped/sanitized.
|
|
352
|
+
*/
|
|
353
|
+
export type SafeHtml = Branded<string, 'SafeHtml'>
|
|
354
|
+
|
|
350
355
|
/**
|
|
351
356
|
* Named type for JSON.parse / JSON.stringify second argument
|
|
352
357
|
*/
|