[Pkg-javascript-commits] [node-htmlescape] 01/12: Initial commit

Bastien Roucariès rouca at moszumanska.debian.org
Sun Aug 20 13:48:42 UTC 2017 

This is an automated email from the git hooks/post-receive script.

rouca pushed a commit to branch master
in repository node-htmlescape.

commit 0527ca7156a524d256101bb310a9f970f63078ad
Author: Andres Suarez <zertosh at gmail.com>
Date:   Sun Sep 28 00:52:49 2014 -0400

    Initial commit
---
 .gitignore              |  3 +++
 .npmignore              |  4 ++++
 CHANGELOG.md            |  4 ++++
 LICENSE                 |  9 ++++++++
 README.md               | 11 +++++++++
 htmlescape.js           | 28 +++++++++++++++++++++++
 package.json            | 30 +++++++++++++++++++++++++
 test/htmlescape-test.js | 60 +++++++++++++++++++++++++++++++++++++++++++++++++
 8 files changed, 149 insertions(+)

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d5342a2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.DS_Store
+/npm-debug.log
+/node_modules
diff --git a/.npmignore b/.npmignore
new file mode 100644
index 0000000..e2a6af8
--- /dev/null
+++ b/.npmignore
@@ -0,0 +1,4 @@
+/.gitignore
+/CHANGELOG.md
+/LICENSE
+/test
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..d58c677
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,4 @@
+1.0.0 / 2014-09-28
+==================
+
+  * Initial release
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..bdff13e
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,9 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Andres Suarez
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5622a45
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+# htmlescape
+
+Proper escaping of JSON for usage as an object literal inside of a `<script>` tag. Use `htmlescape` in place of `JSON.stringify`. For more info see [JSON: The JavaScript subset that isn't](http://timelessrepo.com/json-isnt-a-javascript-subset).
+
+## Usage
+
+```js
+var htmlescape = require('htmlescape');
+htmlescape({prop:'value'});
+//=> '{"prop":"value"}'
+```
diff --git a/htmlescape.js b/htmlescape.js
new file mode 100644
index 0000000..dec4c88
--- /dev/null
+++ b/htmlescape.js
@@ -0,0 +1,28 @@
+/**
+ * Proper escaping of JSON for usage as an object literal inside
+ * of a `<script>` tag.
+ *
+ * js implementation of http://golang.org/pkg/encoding/json/#HTMLEscape
+ *
+ * more info: http://timelessrepo.com/json-isnt-a-javascript-subset
+ */
+
+'use strict';
+
+var ESCAPE_LOOKUP = {
+  '&': '\\u0026',
+  '>': '\\u003e',
+  '<': '\\u003c',
+  '\u2028': '\\u2028',
+  '\u2029': '\\u2029'
+};
+
+var ESCAPE_REGEX = /[&><\u2028\u2029]/g;
+
+function escaper(match) {
+  return ESCAPE_LOOKUP[match];
+}
+
+module.exports = function(obj) {
+  return JSON.stringify(obj).replace(ESCAPE_REGEX, escaper);
+};
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..f0546f4
--- /dev/null
+++ b/package.json
@@ -0,0 +1,30 @@
+{
+  "name": "htmlescape",
+  "version": "0.0.1",
+  "description": "htmlescape",
+  "keywords": [
+    "escape",
+    "encoding",
+    "html",
+    "json",
+    "template"
+  ],
+  "homepage": "https://github.com/zertosh/htmlescape",
+  "licence": "MIT",
+  "author": "Andres Suarez <zertosh at gmail.com>",
+  "main": "htmlescape.js",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/zertosh/htmlescape.git"
+  },
+  "scripts": {
+    "test": "tape test/*.js"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "tape": "^3.0.0"
+  },
+  "engines": {
+    "node": ">=0.10"
+  }
+}
diff --git a/test/htmlescape-test.js b/test/htmlescape-test.js
new file mode 100644
index 0000000..ceb5906
--- /dev/null
+++ b/test/htmlescape-test.js
@@ -0,0 +1,60 @@
+'use strict';
+
+var test = require('tape');
+var vm = require('vm');
+
+test('htmlescape', function(t) {
+
+  var htmlescape = require('../');
+
+  t.test('with angle brackets should escape', function(t) {
+    var evilObj = {evil: '<script></script>'};
+    t.equal(htmlescape(evilObj), '{"evil":"\\u003cscript\\u003e\\u003c/script\\u003e"}');
+    t.end();
+  });
+
+  t.test('with angle brackets should parse back', function(t) {
+    var evilObj = {evil: '<script></script>'};
+    t.looseEqual(JSON.parse(htmlescape(evilObj)), evilObj);
+    t.end();
+  });
+
+  t.test('with ampersands should escape', function(t) {
+    var evilObj = {evil: '&'};
+    t.equal(htmlescape(evilObj), '{"evil":"\\u0026"}');
+    t.end();
+  });
+
+  t.test('with ampersands should parse back', function(t) {
+    var evilObj = {evil: '&'};
+    t.looseEqual(JSON.parse(htmlescape(evilObj)), evilObj);
+    t.end();
+  });
+
+  t.test('with "LINE SEPARATOR" and "PARAGRAPH SEPARATOR" should escape', function(t) {
+    var evilObj = {evil: '\u2028\u2029'};
+    t.equal(htmlescape(evilObj), '{"evil":"\\u2028\\u2029"}');
+    t.end();
+  });
+
+  t.test('with "LINE SEPARATOR" and "PARAGRAPH SEPARATOR" should parse back', function(t) {
+    var evilObj = {evil: '\u2028\u2029'};
+    t.looseEqual(JSON.parse(htmlescape(evilObj)), evilObj);
+    t.end();
+  });
+
+  t.test('escaped line terminators should work', function(t) {
+    t.doesNotThrow(function() {
+      vm.runInNewContext('(' + htmlescape({evil: '\u2028\u2029'}) + ')');
+    });
+    t.end();
+  });
+
+  t.test('unescaped line terminators should not work', function(t) {
+    t.throws(function() {
+      vm.runInNewContext('(' + JSON.stringify({evil: '\u2028\u2029'}) + ')');
+    });
+    t.end();
+  });
+
+});

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-htmlescape.git

More information about the Pkg-javascript-commits mailing list