marko 5.33.14 → 5.33.15

package/dist/runtime/html/helpers/escape-script-placeholder.js

@@ -1,4 +1,8 @@
 "use strict";
+const unsafeCharsReg = /<\/script/g;
+const replaceMatch = () => "\\x3C/script";
+const escape = (str) =>
+unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
 
 /**
  * Escapes the '</' sequence in the body of a <script> body to avoid the `<script>` being
@@ -15,9 +19,10 @@
  * prematurely ended and a new script tag could then be started that could then execute
  * arbitrary code.
  */
-var escapeEndingScriptTagRegExp = /<\/script/g;
-module.exports = function escapeScriptHelper(val) {
-  return typeof val === "string" ?
-  val.replace(escapeEndingScriptTagRegExp, "\\u003C/script") :
-  val + "";
+module.exports = function escapeScriptHelper(value) {
+  if (value == null) {
+    return "";
+  }
+
+  return escape(value + "");
 };

package/dist/runtime/html/helpers/escape-style-placeholder.js

@@ -1,4 +1,8 @@
 "use strict";
+const unsafeCharsReg = /<\/style/g;
+const replaceMatch = () => "\\3C/style";
+const escape = (str) =>
+unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
 
 /**
  * Escapes the '</' sequence in the body of a <style> body to avoid the `<style>` being
@@ -13,9 +17,10 @@
  * prematurely ended and a script tag could then be started that could then execute
  * arbitrary code.
  */
-var escapeEndingStyleTagRegExp = /<\/style/g;
-module.exports = function escapeScriptHelper(val) {
-  return typeof val === "string" ?
-  val.replace(escapeEndingStyleTagRegExp, "\\003C/style") :
-  val + "";
+module.exports = function escapeScriptHelper(value) {
+  if (value == null) {
+    return "";
+  }
+
+  return escape(value + "");
 };

package/dist/runtime/html/helpers/escape-xml.js

@@ -1,4 +1,10 @@
 "use strict";
+const unsafeCharsRegExp = /[<&]/g;
+const replaceMatch = (c) => c === "&" ? "&amp;" : "&lt;";
+const escape = (str) =>
+unsafeCharsRegExp.test(str) ?
+str.replace(unsafeCharsRegExp, replaceMatch) :
+str;
 
 module.exports.x = function (value) {
   if (value == null) {
@@ -9,37 +15,7 @@ module.exports.x = function (value) {
     return value.toHTML();
   }
 
-  return escapeXML(value + "");
+  return escape(value + "");
 };
 
-exports.bo_ = escapeXML;
-
-function escapeXML(str) {
-  var len = str.length;
-  var result = "";
-  var lastPos = 0;
-  var i = 0;
-  var replacement;
-
-  for (; i < len; i++) {
-    switch (str[i]) {
-      case "<":
-        replacement = "&lt;";
-        break;
-      case "&":
-        replacement = "&amp;";
-        break;
-      default:
-        continue;
-    }
-
-    result += str.slice(lastPos, i) + replacement;
-    lastPos = i + 1;
-  }
-
-  if (lastPos) {
-    return result + str.slice(lastPos);
-  }
-
-  return str;
-}
+exports.bo_ = escape;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "marko",
-  "version": "5.33.14",
+  "version": "5.33.15",
   "description": "UI Components + streaming, async, high performance, HTML templating for Node.js and the browser.",
   "keywords": [
     "front-end",

package/src/runtime/html/helpers/escape-script-placeholder.js

@@ -1,4 +1,8 @@
 "use strict";
+const unsafeCharsReg = /<\/script/g;
+const replaceMatch = () => "\\x3C/script";
+const escape = (str) =>
+  unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
 
 /**
  * Escapes the '</' sequence in the body of a <script> body to avoid the `<script>` being
@@ -15,9 +19,10 @@
  * prematurely ended and a new script tag could then be started that could then execute
  * arbitrary code.
  */
-var escapeEndingScriptTagRegExp = /<\/script/g;
-module.exports = function escapeScriptHelper(val) {
-  return typeof val === "string"
-    ? val.replace(escapeEndingScriptTagRegExp, "\\u003C/script")
-    : val + "";
+module.exports = function escapeScriptHelper(value) {
+  if (value == null) {
+    return "";
+  }
+
+  return escape(value + "");
 };

package/src/runtime/html/helpers/escape-style-placeholder.js

@@ -1,4 +1,8 @@
 "use strict";
+const unsafeCharsReg = /<\/style/g;
+const replaceMatch = () => "\\3C/style";
+const escape = (str) =>
+  unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
 
 /**
  * Escapes the '</' sequence in the body of a <style> body to avoid the `<style>` being
@@ -13,9 +17,10 @@
  * prematurely ended and a script tag could then be started that could then execute
  * arbitrary code.
  */
-var escapeEndingStyleTagRegExp = /<\/style/g;
-module.exports = function escapeScriptHelper(val) {
-  return typeof val === "string"
-    ? val.replace(escapeEndingStyleTagRegExp, "\\003C/style")
-    : val + "";
+module.exports = function escapeScriptHelper(value) {
+  if (value == null) {
+    return "";
+  }
+
+  return escape(value + "");
 };

package/src/runtime/html/helpers/escape-xml.js

@@ -1,4 +1,10 @@
 "use strict";
+const unsafeCharsRegExp = /[<&]/g;
+const replaceMatch = (c) => (c === "&" ? "&amp;" : "&lt;");
+const escape = (str) =>
+  unsafeCharsRegExp.test(str)
+    ? str.replace(unsafeCharsRegExp, replaceMatch)
+    : str;
 
 module.exports.x = function (value) {
   if (value == null) {
@@ -9,37 +15,7 @@ module.exports.x = function (value) {
     return value.toHTML();
   }
 
-  return escapeXML(value + "");
+  return escape(value + "");
 };
 
-exports.___escapeXML = escapeXML;
-
-function escapeXML(str) {
-  var len = str.length;
-  var result = "";
-  var lastPos = 0;
-  var i = 0;
-  var replacement;
-
-  for (; i < len; i++) {
-    switch (str[i]) {
-      case "<":
-        replacement = "&lt;";
-        break;
-      case "&":
-        replacement = "&amp;";
-        break;
-      default:
-        continue;
-    }
-
-    result += str.slice(lastPos, i) + replacement;
-    lastPos = i + 1;
-  }
-
-  if (lastPos) {
-    return result + str.slice(lastPos);
-  }
-
-  return str;
-}
+exports.___escapeXML = escape;