Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
codeql-action/node_modules/lodash/escape.js
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
43 lines (40 sloc)
1.41 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var escapeHtmlChar = require('./_escapeHtmlChar'), | |
| toString = require('./toString'); | |
| /** Used to match HTML entities and HTML characters. */ | |
| var reUnescapedHtml = /[&<>"']/g, | |
| reHasUnescapedHtml = RegExp(reUnescapedHtml.source); | |
| /** | |
| * Converts the characters "&", "<", ">", '"', and "'" in `string` to their | |
| * corresponding HTML entities. | |
| * | |
| * **Note:** No other characters are escaped. To escape additional | |
| * characters use a third-party library like [_he_](https://mths.be/he). | |
| * | |
| * Though the ">" character is escaped for symmetry, characters like | |
| * ">" and "/" don't need escaping in HTML and have no special meaning | |
| * unless they're part of a tag or unquoted attribute value. See | |
| * [Mathias Bynens's article](https://mathiasbynens.be/notes/ambiguous-ampersands) | |
| * (under "semi-related fun fact") for more details. | |
| * | |
| * When working with HTML you should always | |
| * [quote attribute values](http://wonko.com/post/html-escaping) to reduce | |
| * XSS vectors. | |
| * | |
| * @static | |
| * @since 0.1.0 | |
| * @memberOf _ | |
| * @category String | |
| * @param {string} [string=''] The string to escape. | |
| * @returns {string} Returns the escaped string. | |
| * @example | |
| * | |
| * _.escape('fred, barney, & pebbles'); | |
| * // => 'fred, barney, & pebbles' | |
| */ | |
| function escape(string) { | |
| string = toString(string); | |
| return (string && reHasUnescapedHtml.test(string)) | |
| ? string.replace(reUnescapedHtml, escapeHtmlChar) | |
| : string; | |
| } | |
| module.exports = escape; |