@wordpress/escape-html 3.31.1-next.f56bd8138.0 → 3.32.1-next.47f435fc9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/build/escape-greater.js +23 -18
- package/build/escape-greater.js.map +7 -1
- package/build/index.js +56 -114
- package/build/index.js.map +7 -1
- package/build-module/escape-greater.js +6 -15
- package/build-module/escape-greater.js.map +7 -1
- package/build-module/index.js +25 -110
- package/build-module/index.js.map +7 -1
- package/package.json +10 -5
package/CHANGELOG.md
CHANGED
package/build/escape-greater.js
CHANGED
|
@@ -1,22 +1,27 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
|
|
3
|
-
Object.
|
|
4
|
-
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
var escape_greater_exports = {};
|
|
20
|
+
__export(escape_greater_exports, {
|
|
21
|
+
default: () => __unstableEscapeGreaterThan
|
|
5
22
|
});
|
|
6
|
-
exports
|
|
7
|
-
/**
|
|
8
|
-
* Returns a string with greater-than sign replaced.
|
|
9
|
-
*
|
|
10
|
-
* Note that if a resolution for Trac#45387 comes to fruition, it is no longer
|
|
11
|
-
* necessary for `__unstableEscapeGreaterThan` to exist.
|
|
12
|
-
*
|
|
13
|
-
* See: https://core.trac.wordpress.org/ticket/45387
|
|
14
|
-
*
|
|
15
|
-
* @param value Original string.
|
|
16
|
-
*
|
|
17
|
-
* @return Escaped string.
|
|
18
|
-
*/
|
|
23
|
+
module.exports = __toCommonJS(escape_greater_exports);
|
|
19
24
|
function __unstableEscapeGreaterThan(value) {
|
|
20
|
-
return value.replace(/>/g,
|
|
25
|
+
return value.replace(/>/g, ">");
|
|
21
26
|
}
|
|
22
|
-
//# sourceMappingURL=escape-greater.js.map
|
|
27
|
+
//# sourceMappingURL=escape-greater.js.map
|
|
@@ -1 +1,7 @@
|
|
|
1
|
-
{
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../src/escape-greater.ts"],
|
|
4
|
+
"sourcesContent": ["/**\n * Returns a string with greater-than sign replaced.\n *\n * Note that if a resolution for Trac#45387 comes to fruition, it is no longer\n * necessary for `__unstableEscapeGreaterThan` to exist.\n *\n * See: https://core.trac.wordpress.org/ticket/45387\n *\n * @param value Original string.\n *\n * @return Escaped string.\n */\nexport default function __unstableEscapeGreaterThan( value: string ): string {\n\treturn value.replace( />/g, '>' );\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAYe,SAAR,4BAA8C,OAAwB;AAC5E,SAAO,MAAM,QAAS,MAAM,MAAO;AACpC;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
package/build/index.js
CHANGED
|
@@ -1,133 +1,75 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
|
|
3
|
-
var
|
|
4
|
-
Object.
|
|
5
|
-
|
|
2
|
+
var __create = Object.create;
|
|
3
|
+
var __defProp = Object.defineProperty;
|
|
4
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
7
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
|
+
var __export = (target, all) => {
|
|
9
|
+
for (var name in all)
|
|
10
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
11
|
+
};
|
|
12
|
+
var __copyProps = (to, from, except, desc) => {
|
|
13
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
14
|
+
for (let key of __getOwnPropNames(from))
|
|
15
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
16
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
17
|
+
}
|
|
18
|
+
return to;
|
|
19
|
+
};
|
|
20
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
+
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
+
mod
|
|
27
|
+
));
|
|
28
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
|
+
var index_exports = {};
|
|
30
|
+
__export(index_exports, {
|
|
31
|
+
escapeAmpersand: () => escapeAmpersand,
|
|
32
|
+
escapeAttribute: () => escapeAttribute,
|
|
33
|
+
escapeEditableHTML: () => escapeEditableHTML,
|
|
34
|
+
escapeHTML: () => escapeHTML,
|
|
35
|
+
escapeLessThan: () => escapeLessThan,
|
|
36
|
+
escapeQuotationMark: () => escapeQuotationMark,
|
|
37
|
+
isValidAttributeName: () => isValidAttributeName
|
|
6
38
|
});
|
|
7
|
-
exports
|
|
8
|
-
|
|
9
|
-
exports.escapeEditableHTML = escapeEditableHTML;
|
|
10
|
-
exports.escapeHTML = escapeHTML;
|
|
11
|
-
exports.escapeLessThan = escapeLessThan;
|
|
12
|
-
exports.escapeQuotationMark = escapeQuotationMark;
|
|
13
|
-
exports.isValidAttributeName = isValidAttributeName;
|
|
14
|
-
var _escapeGreater = _interopRequireDefault(require("./escape-greater"));
|
|
15
|
-
/**
|
|
16
|
-
* Internal dependencies
|
|
17
|
-
*/
|
|
18
|
-
|
|
19
|
-
/**
|
|
20
|
-
* Regular expression matching invalid attribute names.
|
|
21
|
-
*
|
|
22
|
-
* "Attribute names must consist of one or more characters other than controls,
|
|
23
|
-
* U+0020 SPACE, U+0022 ("), U+0027 ('), U+003E (>), U+002F (/), U+003D (=),
|
|
24
|
-
* and noncharacters."
|
|
25
|
-
*
|
|
26
|
-
* @see https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
|
|
27
|
-
*/
|
|
39
|
+
module.exports = __toCommonJS(index_exports);
|
|
40
|
+
var import_escape_greater = __toESM(require("./escape-greater"));
|
|
28
41
|
const REGEXP_INVALID_ATTRIBUTE_NAME = /[\u007F-\u009F "'>/="\uFDD0-\uFDEF]/;
|
|
29
|
-
|
|
30
|
-
/**
|
|
31
|
-
* Returns a string with ampersands escaped. Note that this is an imperfect
|
|
32
|
-
* implementation, where only ampersands which do not appear as a pattern of
|
|
33
|
-
* named, decimal, or hexadecimal character references are escaped. Invalid
|
|
34
|
-
* named references (i.e. ambiguous ampersand) are still permitted.
|
|
35
|
-
*
|
|
36
|
-
* @see https://w3c.github.io/html/syntax.html#character-references
|
|
37
|
-
* @see https://w3c.github.io/html/syntax.html#ambiguous-ampersand
|
|
38
|
-
* @see https://w3c.github.io/html/syntax.html#named-character-references
|
|
39
|
-
*
|
|
40
|
-
* @param value Original string.
|
|
41
|
-
*
|
|
42
|
-
* @return Escaped string.
|
|
43
|
-
*/
|
|
44
42
|
function escapeAmpersand(value) {
|
|
45
|
-
return value.replace(/&(?!([a-z0-9]+|#[0-9]+|#x[a-f0-9]+);)/gi,
|
|
43
|
+
return value.replace(/&(?!([a-z0-9]+|#[0-9]+|#x[a-f0-9]+);)/gi, "&");
|
|
46
44
|
}
|
|
47
|
-
|
|
48
|
-
/**
|
|
49
|
-
* Returns a string with quotation marks replaced.
|
|
50
|
-
*
|
|
51
|
-
* @param value Original string.
|
|
52
|
-
*
|
|
53
|
-
* @return Escaped string.
|
|
54
|
-
*/
|
|
55
45
|
function escapeQuotationMark(value) {
|
|
56
|
-
return value.replace(/"/g,
|
|
46
|
+
return value.replace(/"/g, """);
|
|
57
47
|
}
|
|
58
|
-
|
|
59
|
-
/**
|
|
60
|
-
* Returns a string with less-than sign replaced.
|
|
61
|
-
*
|
|
62
|
-
* @param value Original string.
|
|
63
|
-
*
|
|
64
|
-
* @return Escaped string.
|
|
65
|
-
*/
|
|
66
48
|
function escapeLessThan(value) {
|
|
67
|
-
return value.replace(/</g,
|
|
49
|
+
return value.replace(/</g, "<");
|
|
68
50
|
}
|
|
69
|
-
|
|
70
|
-
/**
|
|
71
|
-
* Returns an escaped attribute value.
|
|
72
|
-
*
|
|
73
|
-
* @see https://w3c.github.io/html/syntax.html#elements-attributes
|
|
74
|
-
*
|
|
75
|
-
* "[...] the text cannot contain an ambiguous ampersand [...] must not contain
|
|
76
|
-
* any literal U+0022 QUOTATION MARK characters (")"
|
|
77
|
-
*
|
|
78
|
-
* Note we also escape the greater than symbol, as this is used by wptexturize to
|
|
79
|
-
* split HTML strings. This is a WordPress specific fix
|
|
80
|
-
*
|
|
81
|
-
* Note that if a resolution for Trac#45387 comes to fruition, it is no longer
|
|
82
|
-
* necessary for `__unstableEscapeGreaterThan` to be used.
|
|
83
|
-
*
|
|
84
|
-
* See: https://core.trac.wordpress.org/ticket/45387
|
|
85
|
-
*
|
|
86
|
-
* @param value Attribute value.
|
|
87
|
-
*
|
|
88
|
-
* @return Escaped attribute value.
|
|
89
|
-
*/
|
|
90
51
|
function escapeAttribute(value) {
|
|
91
|
-
return (0,
|
|
52
|
+
return (0, import_escape_greater.default)(
|
|
53
|
+
escapeQuotationMark(escapeAmpersand(value))
|
|
54
|
+
);
|
|
92
55
|
}
|
|
93
|
-
|
|
94
|
-
/**
|
|
95
|
-
* Returns an escaped HTML element value.
|
|
96
|
-
*
|
|
97
|
-
* @see https://w3c.github.io/html/syntax.html#writing-html-documents-elements
|
|
98
|
-
*
|
|
99
|
-
* "the text must not contain the character U+003C LESS-THAN SIGN (<) or an
|
|
100
|
-
* ambiguous ampersand."
|
|
101
|
-
*
|
|
102
|
-
* @param value Element value.
|
|
103
|
-
*
|
|
104
|
-
* @return Escaped HTML element value.
|
|
105
|
-
*/
|
|
106
56
|
function escapeHTML(value) {
|
|
107
57
|
return escapeLessThan(escapeAmpersand(value));
|
|
108
58
|
}
|
|
109
|
-
|
|
110
|
-
/**
|
|
111
|
-
* Returns an escaped Editable HTML element value. This is different from
|
|
112
|
-
* `escapeHTML`, because for editable HTML, ALL ampersands must be escaped in
|
|
113
|
-
* order to render the content correctly on the page.
|
|
114
|
-
*
|
|
115
|
-
* @param value Element value.
|
|
116
|
-
*
|
|
117
|
-
* @return Escaped HTML element value.
|
|
118
|
-
*/
|
|
119
59
|
function escapeEditableHTML(value) {
|
|
120
|
-
return escapeLessThan(value.replace(/&/g,
|
|
60
|
+
return escapeLessThan(value.replace(/&/g, "&"));
|
|
121
61
|
}
|
|
122
|
-
|
|
123
|
-
/**
|
|
124
|
-
* Returns true if the given attribute name is valid, or false otherwise.
|
|
125
|
-
*
|
|
126
|
-
* @param name Attribute name to test.
|
|
127
|
-
*
|
|
128
|
-
* @return Whether attribute is valid.
|
|
129
|
-
*/
|
|
130
62
|
function isValidAttributeName(name) {
|
|
131
63
|
return !REGEXP_INVALID_ATTRIBUTE_NAME.test(name);
|
|
132
64
|
}
|
|
133
|
-
|
|
65
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
66
|
+
0 && (module.exports = {
|
|
67
|
+
escapeAmpersand,
|
|
68
|
+
escapeAttribute,
|
|
69
|
+
escapeEditableHTML,
|
|
70
|
+
escapeHTML,
|
|
71
|
+
escapeLessThan,
|
|
72
|
+
escapeQuotationMark,
|
|
73
|
+
isValidAttributeName
|
|
74
|
+
});
|
|
75
|
+
//# sourceMappingURL=index.js.map
|
package/build/index.js.map
CHANGED
|
@@ -1 +1,7 @@
|
|
|
1
|
-
{
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../src/index.ts"],
|
|
4
|
+
"sourcesContent": ["/**\n * Internal dependencies\n */\nimport __unstableEscapeGreaterThan from './escape-greater';\n\n/**\n * Regular expression matching invalid attribute names.\n *\n * \"Attribute names must consist of one or more characters other than controls,\n * U+0020 SPACE, U+0022 (\"), U+0027 ('), U+003E (>), U+002F (/), U+003D (=),\n * and noncharacters.\"\n *\n * @see https://html.spec.whatwg.org/multipage/syntax.html#attributes-2\n */\nconst REGEXP_INVALID_ATTRIBUTE_NAME: RegExp =\n\t/[\\u007F-\\u009F \"'>/=\"\\uFDD0-\\uFDEF]/;\n\n/**\n * Returns a string with ampersands escaped. Note that this is an imperfect\n * implementation, where only ampersands which do not appear as a pattern of\n * named, decimal, or hexadecimal character references are escaped. Invalid\n * named references (i.e. ambiguous ampersand) are still permitted.\n *\n * @see https://w3c.github.io/html/syntax.html#character-references\n * @see https://w3c.github.io/html/syntax.html#ambiguous-ampersand\n * @see https://w3c.github.io/html/syntax.html#named-character-references\n *\n * @param value Original string.\n *\n * @return Escaped string.\n */\nexport function escapeAmpersand( value: string ): string {\n\treturn value.replace( /&(?!([a-z0-9]+|#[0-9]+|#x[a-f0-9]+);)/gi, '&' );\n}\n\n/**\n * Returns a string with quotation marks replaced.\n *\n * @param value Original string.\n *\n * @return Escaped string.\n */\nexport function escapeQuotationMark( value: string ): string {\n\treturn value.replace( /\"/g, '"' );\n}\n\n/**\n * Returns a string with less-than sign replaced.\n *\n * @param value Original string.\n *\n * @return Escaped string.\n */\nexport function escapeLessThan( value: string ): string {\n\treturn value.replace( /</g, '<' );\n}\n\n/**\n * Returns an escaped attribute value.\n *\n * @see https://w3c.github.io/html/syntax.html#elements-attributes\n *\n * \"[...] the text cannot contain an ambiguous ampersand [...] must not contain\n * any literal U+0022 QUOTATION MARK characters (\")\"\n *\n * Note we also escape the greater than symbol, as this is used by wptexturize to\n * split HTML strings. This is a WordPress specific fix\n *\n * Note that if a resolution for Trac#45387 comes to fruition, it is no longer\n * necessary for `__unstableEscapeGreaterThan` to be used.\n *\n * See: https://core.trac.wordpress.org/ticket/45387\n *\n * @param value Attribute value.\n *\n * @return Escaped attribute value.\n */\nexport function escapeAttribute( value: string ): string {\n\treturn __unstableEscapeGreaterThan(\n\t\tescapeQuotationMark( escapeAmpersand( value ) )\n\t);\n}\n\n/**\n * Returns an escaped HTML element value.\n *\n * @see https://w3c.github.io/html/syntax.html#writing-html-documents-elements\n *\n * \"the text must not contain the character U+003C LESS-THAN SIGN (<) or an\n * ambiguous ampersand.\"\n *\n * @param value Element value.\n *\n * @return Escaped HTML element value.\n */\nexport function escapeHTML( value: string ): string {\n\treturn escapeLessThan( escapeAmpersand( value ) );\n}\n\n/**\n * Returns an escaped Editable HTML element value. This is different from\n * `escapeHTML`, because for editable HTML, ALL ampersands must be escaped in\n * order to render the content correctly on the page.\n *\n * @param value Element value.\n *\n * @return Escaped HTML element value.\n */\nexport function escapeEditableHTML( value: string ): string {\n\treturn escapeLessThan( value.replace( /&/g, '&' ) );\n}\n\n/**\n * Returns true if the given attribute name is valid, or false otherwise.\n *\n * @param name Attribute name to test.\n *\n * @return Whether attribute is valid.\n */\nexport function isValidAttributeName( name: string ): boolean {\n\treturn ! REGEXP_INVALID_ATTRIBUTE_NAME.test( name );\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,4BAAwC;AAWxC,MAAM,gCACL;AAgBM,SAAS,gBAAiB,OAAwB;AACxD,SAAO,MAAM,QAAS,2CAA2C,OAAQ;AAC1E;AASO,SAAS,oBAAqB,OAAwB;AAC5D,SAAO,MAAM,QAAS,MAAM,QAAS;AACtC;AASO,SAAS,eAAgB,OAAwB;AACvD,SAAO,MAAM,QAAS,MAAM,MAAO;AACpC;AAsBO,SAAS,gBAAiB,OAAwB;AACxD,aAAO,sBAAAA;AAAA,IACN,oBAAqB,gBAAiB,KAAM,CAAE;AAAA,EAC/C;AACD;AAcO,SAAS,WAAY,OAAwB;AACnD,SAAO,eAAgB,gBAAiB,KAAM,CAAE;AACjD;AAWO,SAAS,mBAAoB,OAAwB;AAC3D,SAAO,eAAgB,MAAM,QAAS,MAAM,OAAQ,CAAE;AACvD;AASO,SAAS,qBAAsB,MAAwB;AAC7D,SAAO,CAAE,8BAA8B,KAAM,IAAK;AACnD;",
|
|
6
|
+
"names": ["__unstableEscapeGreaterThan"]
|
|
7
|
+
}
|
|
@@ -1,16 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
*
|
|
4
|
-
* Note that if a resolution for Trac#45387 comes to fruition, it is no longer
|
|
5
|
-
* necessary for `__unstableEscapeGreaterThan` to exist.
|
|
6
|
-
*
|
|
7
|
-
* See: https://core.trac.wordpress.org/ticket/45387
|
|
8
|
-
*
|
|
9
|
-
* @param value Original string.
|
|
10
|
-
*
|
|
11
|
-
* @return Escaped string.
|
|
12
|
-
*/
|
|
13
|
-
export default function __unstableEscapeGreaterThan(value) {
|
|
14
|
-
return value.replace(/>/g, '>');
|
|
1
|
+
function __unstableEscapeGreaterThan(value) {
|
|
2
|
+
return value.replace(/>/g, ">");
|
|
15
3
|
}
|
|
16
|
-
|
|
4
|
+
export {
|
|
5
|
+
__unstableEscapeGreaterThan as default
|
|
6
|
+
};
|
|
7
|
+
//# sourceMappingURL=escape-greater.js.map
|
|
@@ -1 +1,7 @@
|
|
|
1
|
-
{
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../src/escape-greater.ts"],
|
|
4
|
+
"sourcesContent": ["/**\n * Returns a string with greater-than sign replaced.\n *\n * Note that if a resolution for Trac#45387 comes to fruition, it is no longer\n * necessary for `__unstableEscapeGreaterThan` to exist.\n *\n * See: https://core.trac.wordpress.org/ticket/45387\n *\n * @param value Original string.\n *\n * @return Escaped string.\n */\nexport default function __unstableEscapeGreaterThan( value: string ): string {\n\treturn value.replace( />/g, '>' );\n}\n"],
|
|
5
|
+
"mappings": "AAYe,SAAR,4BAA8C,OAAwB;AAC5E,SAAO,MAAM,QAAS,MAAM,MAAO;AACpC;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
package/build-module/index.js
CHANGED
|
@@ -1,120 +1,35 @@
|
|
|
1
|
-
|
|
2
|
-
* Internal dependencies
|
|
3
|
-
*/
|
|
4
|
-
import __unstableEscapeGreaterThan from './escape-greater';
|
|
5
|
-
|
|
6
|
-
/**
|
|
7
|
-
* Regular expression matching invalid attribute names.
|
|
8
|
-
*
|
|
9
|
-
* "Attribute names must consist of one or more characters other than controls,
|
|
10
|
-
* U+0020 SPACE, U+0022 ("), U+0027 ('), U+003E (>), U+002F (/), U+003D (=),
|
|
11
|
-
* and noncharacters."
|
|
12
|
-
*
|
|
13
|
-
* @see https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
|
|
14
|
-
*/
|
|
1
|
+
import __unstableEscapeGreaterThan from "./escape-greater";
|
|
15
2
|
const REGEXP_INVALID_ATTRIBUTE_NAME = /[\u007F-\u009F "'>/="\uFDD0-\uFDEF]/;
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
* Returns a string with ampersands escaped. Note that this is an imperfect
|
|
19
|
-
* implementation, where only ampersands which do not appear as a pattern of
|
|
20
|
-
* named, decimal, or hexadecimal character references are escaped. Invalid
|
|
21
|
-
* named references (i.e. ambiguous ampersand) are still permitted.
|
|
22
|
-
*
|
|
23
|
-
* @see https://w3c.github.io/html/syntax.html#character-references
|
|
24
|
-
* @see https://w3c.github.io/html/syntax.html#ambiguous-ampersand
|
|
25
|
-
* @see https://w3c.github.io/html/syntax.html#named-character-references
|
|
26
|
-
*
|
|
27
|
-
* @param value Original string.
|
|
28
|
-
*
|
|
29
|
-
* @return Escaped string.
|
|
30
|
-
*/
|
|
31
|
-
export function escapeAmpersand(value) {
|
|
32
|
-
return value.replace(/&(?!([a-z0-9]+|#[0-9]+|#x[a-f0-9]+);)/gi, '&');
|
|
3
|
+
function escapeAmpersand(value) {
|
|
4
|
+
return value.replace(/&(?!([a-z0-9]+|#[0-9]+|#x[a-f0-9]+);)/gi, "&");
|
|
33
5
|
}
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
* Returns a string with quotation marks replaced.
|
|
37
|
-
*
|
|
38
|
-
* @param value Original string.
|
|
39
|
-
*
|
|
40
|
-
* @return Escaped string.
|
|
41
|
-
*/
|
|
42
|
-
export function escapeQuotationMark(value) {
|
|
43
|
-
return value.replace(/"/g, '"');
|
|
6
|
+
function escapeQuotationMark(value) {
|
|
7
|
+
return value.replace(/"/g, """);
|
|
44
8
|
}
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
* Returns a string with less-than sign replaced.
|
|
48
|
-
*
|
|
49
|
-
* @param value Original string.
|
|
50
|
-
*
|
|
51
|
-
* @return Escaped string.
|
|
52
|
-
*/
|
|
53
|
-
export function escapeLessThan(value) {
|
|
54
|
-
return value.replace(/</g, '<');
|
|
9
|
+
function escapeLessThan(value) {
|
|
10
|
+
return value.replace(/</g, "<");
|
|
55
11
|
}
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
* @see https://w3c.github.io/html/syntax.html#elements-attributes
|
|
61
|
-
*
|
|
62
|
-
* "[...] the text cannot contain an ambiguous ampersand [...] must not contain
|
|
63
|
-
* any literal U+0022 QUOTATION MARK characters (")"
|
|
64
|
-
*
|
|
65
|
-
* Note we also escape the greater than symbol, as this is used by wptexturize to
|
|
66
|
-
* split HTML strings. This is a WordPress specific fix
|
|
67
|
-
*
|
|
68
|
-
* Note that if a resolution for Trac#45387 comes to fruition, it is no longer
|
|
69
|
-
* necessary for `__unstableEscapeGreaterThan` to be used.
|
|
70
|
-
*
|
|
71
|
-
* See: https://core.trac.wordpress.org/ticket/45387
|
|
72
|
-
*
|
|
73
|
-
* @param value Attribute value.
|
|
74
|
-
*
|
|
75
|
-
* @return Escaped attribute value.
|
|
76
|
-
*/
|
|
77
|
-
export function escapeAttribute(value) {
|
|
78
|
-
return __unstableEscapeGreaterThan(escapeQuotationMark(escapeAmpersand(value)));
|
|
12
|
+
function escapeAttribute(value) {
|
|
13
|
+
return __unstableEscapeGreaterThan(
|
|
14
|
+
escapeQuotationMark(escapeAmpersand(value))
|
|
15
|
+
);
|
|
79
16
|
}
|
|
80
|
-
|
|
81
|
-
/**
|
|
82
|
-
* Returns an escaped HTML element value.
|
|
83
|
-
*
|
|
84
|
-
* @see https://w3c.github.io/html/syntax.html#writing-html-documents-elements
|
|
85
|
-
*
|
|
86
|
-
* "the text must not contain the character U+003C LESS-THAN SIGN (<) or an
|
|
87
|
-
* ambiguous ampersand."
|
|
88
|
-
*
|
|
89
|
-
* @param value Element value.
|
|
90
|
-
*
|
|
91
|
-
* @return Escaped HTML element value.
|
|
92
|
-
*/
|
|
93
|
-
export function escapeHTML(value) {
|
|
17
|
+
function escapeHTML(value) {
|
|
94
18
|
return escapeLessThan(escapeAmpersand(value));
|
|
95
19
|
}
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
* Returns an escaped Editable HTML element value. This is different from
|
|
99
|
-
* `escapeHTML`, because for editable HTML, ALL ampersands must be escaped in
|
|
100
|
-
* order to render the content correctly on the page.
|
|
101
|
-
*
|
|
102
|
-
* @param value Element value.
|
|
103
|
-
*
|
|
104
|
-
* @return Escaped HTML element value.
|
|
105
|
-
*/
|
|
106
|
-
export function escapeEditableHTML(value) {
|
|
107
|
-
return escapeLessThan(value.replace(/&/g, '&'));
|
|
20
|
+
function escapeEditableHTML(value) {
|
|
21
|
+
return escapeLessThan(value.replace(/&/g, "&"));
|
|
108
22
|
}
|
|
109
|
-
|
|
110
|
-
/**
|
|
111
|
-
* Returns true if the given attribute name is valid, or false otherwise.
|
|
112
|
-
*
|
|
113
|
-
* @param name Attribute name to test.
|
|
114
|
-
*
|
|
115
|
-
* @return Whether attribute is valid.
|
|
116
|
-
*/
|
|
117
|
-
export function isValidAttributeName(name) {
|
|
23
|
+
function isValidAttributeName(name) {
|
|
118
24
|
return !REGEXP_INVALID_ATTRIBUTE_NAME.test(name);
|
|
119
25
|
}
|
|
120
|
-
|
|
26
|
+
export {
|
|
27
|
+
escapeAmpersand,
|
|
28
|
+
escapeAttribute,
|
|
29
|
+
escapeEditableHTML,
|
|
30
|
+
escapeHTML,
|
|
31
|
+
escapeLessThan,
|
|
32
|
+
escapeQuotationMark,
|
|
33
|
+
isValidAttributeName
|
|
34
|
+
};
|
|
35
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1,7 @@
|
|
|
1
|
-
{
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../src/index.ts"],
|
|
4
|
+
"sourcesContent": ["/**\n * Internal dependencies\n */\nimport __unstableEscapeGreaterThan from './escape-greater';\n\n/**\n * Regular expression matching invalid attribute names.\n *\n * \"Attribute names must consist of one or more characters other than controls,\n * U+0020 SPACE, U+0022 (\"), U+0027 ('), U+003E (>), U+002F (/), U+003D (=),\n * and noncharacters.\"\n *\n * @see https://html.spec.whatwg.org/multipage/syntax.html#attributes-2\n */\nconst REGEXP_INVALID_ATTRIBUTE_NAME: RegExp =\n\t/[\\u007F-\\u009F \"'>/=\"\\uFDD0-\\uFDEF]/;\n\n/**\n * Returns a string with ampersands escaped. Note that this is an imperfect\n * implementation, where only ampersands which do not appear as a pattern of\n * named, decimal, or hexadecimal character references are escaped. Invalid\n * named references (i.e. ambiguous ampersand) are still permitted.\n *\n * @see https://w3c.github.io/html/syntax.html#character-references\n * @see https://w3c.github.io/html/syntax.html#ambiguous-ampersand\n * @see https://w3c.github.io/html/syntax.html#named-character-references\n *\n * @param value Original string.\n *\n * @return Escaped string.\n */\nexport function escapeAmpersand( value: string ): string {\n\treturn value.replace( /&(?!([a-z0-9]+|#[0-9]+|#x[a-f0-9]+);)/gi, '&' );\n}\n\n/**\n * Returns a string with quotation marks replaced.\n *\n * @param value Original string.\n *\n * @return Escaped string.\n */\nexport function escapeQuotationMark( value: string ): string {\n\treturn value.replace( /\"/g, '"' );\n}\n\n/**\n * Returns a string with less-than sign replaced.\n *\n * @param value Original string.\n *\n * @return Escaped string.\n */\nexport function escapeLessThan( value: string ): string {\n\treturn value.replace( /</g, '<' );\n}\n\n/**\n * Returns an escaped attribute value.\n *\n * @see https://w3c.github.io/html/syntax.html#elements-attributes\n *\n * \"[...] the text cannot contain an ambiguous ampersand [...] must not contain\n * any literal U+0022 QUOTATION MARK characters (\")\"\n *\n * Note we also escape the greater than symbol, as this is used by wptexturize to\n * split HTML strings. This is a WordPress specific fix\n *\n * Note that if a resolution for Trac#45387 comes to fruition, it is no longer\n * necessary for `__unstableEscapeGreaterThan` to be used.\n *\n * See: https://core.trac.wordpress.org/ticket/45387\n *\n * @param value Attribute value.\n *\n * @return Escaped attribute value.\n */\nexport function escapeAttribute( value: string ): string {\n\treturn __unstableEscapeGreaterThan(\n\t\tescapeQuotationMark( escapeAmpersand( value ) )\n\t);\n}\n\n/**\n * Returns an escaped HTML element value.\n *\n * @see https://w3c.github.io/html/syntax.html#writing-html-documents-elements\n *\n * \"the text must not contain the character U+003C LESS-THAN SIGN (<) or an\n * ambiguous ampersand.\"\n *\n * @param value Element value.\n *\n * @return Escaped HTML element value.\n */\nexport function escapeHTML( value: string ): string {\n\treturn escapeLessThan( escapeAmpersand( value ) );\n}\n\n/**\n * Returns an escaped Editable HTML element value. This is different from\n * `escapeHTML`, because for editable HTML, ALL ampersands must be escaped in\n * order to render the content correctly on the page.\n *\n * @param value Element value.\n *\n * @return Escaped HTML element value.\n */\nexport function escapeEditableHTML( value: string ): string {\n\treturn escapeLessThan( value.replace( /&/g, '&' ) );\n}\n\n/**\n * Returns true if the given attribute name is valid, or false otherwise.\n *\n * @param name Attribute name to test.\n *\n * @return Whether attribute is valid.\n */\nexport function isValidAttributeName( name: string ): boolean {\n\treturn ! REGEXP_INVALID_ATTRIBUTE_NAME.test( name );\n}\n"],
|
|
5
|
+
"mappings": "AAGA,OAAO,iCAAiC;AAWxC,MAAM,gCACL;AAgBM,SAAS,gBAAiB,OAAwB;AACxD,SAAO,MAAM,QAAS,2CAA2C,OAAQ;AAC1E;AASO,SAAS,oBAAqB,OAAwB;AAC5D,SAAO,MAAM,QAAS,MAAM,QAAS;AACtC;AASO,SAAS,eAAgB,OAAwB;AACvD,SAAO,MAAM,QAAS,MAAM,MAAO;AACpC;AAsBO,SAAS,gBAAiB,OAAwB;AACxD,SAAO;AAAA,IACN,oBAAqB,gBAAiB,KAAM,CAAE;AAAA,EAC/C;AACD;AAcO,SAAS,WAAY,OAAwB;AACnD,SAAO,eAAgB,gBAAiB,KAAM,CAAE;AACjD;AAWO,SAAS,mBAAoB,OAAwB;AAC3D,SAAO,eAAgB,MAAM,QAAS,MAAM,OAAQ,CAAE;AACvD;AASO,SAAS,qBAAsB,MAAwB;AAC7D,SAAO,CAAE,8BAA8B,KAAM,IAAK;AACnD;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@wordpress/escape-html",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.32.1-next.47f435fc9.0",
|
|
4
4
|
"description": "Escape HTML utils.",
|
|
5
5
|
"author": "The WordPress Contributors",
|
|
6
6
|
"license": "GPL-2.0-or-later",
|
|
@@ -24,15 +24,20 @@
|
|
|
24
24
|
},
|
|
25
25
|
"main": "build/index.js",
|
|
26
26
|
"module": "build-module/index.js",
|
|
27
|
+
"exports": {
|
|
28
|
+
".": {
|
|
29
|
+
"types": "./build-types/index.d.ts",
|
|
30
|
+
"import": "./build-module/index.js",
|
|
31
|
+
"require": "./build/index.js"
|
|
32
|
+
},
|
|
33
|
+
"./package.json": "./package.json"
|
|
34
|
+
},
|
|
27
35
|
"react-native": "src/index",
|
|
28
36
|
"wpScript": true,
|
|
29
37
|
"types": "build-types",
|
|
30
38
|
"sideEffects": false,
|
|
31
|
-
"dependencies": {
|
|
32
|
-
"@babel/runtime": "7.25.7"
|
|
33
|
-
},
|
|
34
39
|
"publishConfig": {
|
|
35
40
|
"access": "public"
|
|
36
41
|
},
|
|
37
|
-
"gitHead": "
|
|
42
|
+
"gitHead": "9720f22c138771d2ed1a0522725c3cdf1c242953"
|
|
38
43
|
}
|