1 | /**
|
2 | * lodash 3.1.1 (Custom Build) <https://lodash.com/>
|
3 | * Build: `lodash modularize exports="npm" -o ./`
|
4 | * Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
|
5 | * Based on Underscore.js 1.8.3 <http://underscorejs.org/LICENSE>
|
6 | * Copyright 2009-2016 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
|
7 | * Available under MIT license <https://lodash.com/license>
|
8 | */
|
9 |
|
10 | /** Used as references for various `Number` constants. */
|
11 | var INFINITY = 1 / 0;
|
12 |
|
13 | /** `Object#toString` result references. */
|
14 | var symbolTag = '[object Symbol]';
|
15 |
|
16 | /** Used to match HTML entities and HTML characters. */
|
17 | var reUnescapedHtml = /[&<>"'`]/g,
|
18 | reHasUnescapedHtml = RegExp(reUnescapedHtml.source);
|
19 |
|
20 | /** Used to map characters to HTML entities. */
|
21 | var htmlEscapes = {
|
22 | '&': '&',
|
23 | '<': '<',
|
24 | '>': '>',
|
25 | '"': '"',
|
26 | "'": ''',
|
27 | '`': '`'
|
28 | };
|
29 |
|
30 | /**
|
31 | * Used by `_.escape` to convert characters to HTML entities.
|
32 | *
|
33 | * @private
|
34 | * @param {string} chr The matched character to escape.
|
35 | * @returns {string} Returns the escaped character.
|
36 | */
|
37 | function escapeHtmlChar(chr) {
|
38 | return htmlEscapes[chr];
|
39 | }
|
40 |
|
41 | /** Used for built-in method references. */
|
42 | var objectProto = global.Object.prototype;
|
43 |
|
44 | /**
|
45 | * Used to resolve the [`toStringTag`](http://ecma-international.org/ecma-262/6.0/#sec-object.prototype.tostring)
|
46 | * of values.
|
47 | */
|
48 | var objectToString = objectProto.toString;
|
49 |
|
50 | /** Built-in value references. */
|
51 | var Symbol = global.Symbol;
|
52 |
|
53 | /** Used to convert symbols to primitives and strings. */
|
54 | var symbolProto = Symbol ? Symbol.prototype : undefined,
|
55 | symbolToString = Symbol ? symbolProto.toString : undefined;
|
56 |
|
57 | /**
|
58 | * Checks if `value` is object-like. A value is object-like if it's not `null`
|
59 | * and has a `typeof` result of "object".
|
60 | *
|
61 | * @static
|
62 | * @memberOf _
|
63 | * @category Lang
|
64 | * @param {*} value The value to check.
|
65 | * @returns {boolean} Returns `true` if `value` is object-like, else `false`.
|
66 | * @example
|
67 | *
|
68 | * _.isObjectLike({});
|
69 | * // => true
|
70 | *
|
71 | * _.isObjectLike([1, 2, 3]);
|
72 | * // => true
|
73 | *
|
74 | * _.isObjectLike(_.noop);
|
75 | * // => false
|
76 | *
|
77 | * _.isObjectLike(null);
|
78 | * // => false
|
79 | */
|
80 | function isObjectLike(value) {
|
81 | return !!value && typeof value == 'object';
|
82 | }
|
83 |
|
84 | /**
|
85 | * Checks if `value` is classified as a `Symbol` primitive or object.
|
86 | *
|
87 | * @static
|
88 | * @memberOf _
|
89 | * @category Lang
|
90 | * @param {*} value The value to check.
|
91 | * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`.
|
92 | * @example
|
93 | *
|
94 | * _.isSymbol(Symbol.iterator);
|
95 | * // => true
|
96 | *
|
97 | * _.isSymbol('abc');
|
98 | * // => false
|
99 | */
|
100 | function isSymbol(value) {
|
101 | return typeof value == 'symbol' ||
|
102 | (isObjectLike(value) && objectToString.call(value) == symbolTag);
|
103 | }
|
104 |
|
105 | /**
|
106 | * Converts `value` to a string if it's not one. An empty string is returned
|
107 | * for `null` and `undefined` values. The sign of `-0` is preserved.
|
108 | *
|
109 | * @static
|
110 | * @memberOf _
|
111 | * @category Lang
|
112 | * @param {*} value The value to process.
|
113 | * @returns {string} Returns the string.
|
114 | * @example
|
115 | *
|
116 | * _.toString(null);
|
117 | * // => ''
|
118 | *
|
119 | * _.toString(-0);
|
120 | * // => '-0'
|
121 | *
|
122 | * _.toString([1, 2, 3]);
|
123 | * // => '1,2,3'
|
124 | */
|
125 | function toString(value) {
|
126 | // Exit early for strings to avoid a performance hit in some environments.
|
127 | if (typeof value == 'string') {
|
128 | return value;
|
129 | }
|
130 | if (value == null) {
|
131 | return '';
|
132 | }
|
133 | if (isSymbol(value)) {
|
134 | return Symbol ? symbolToString.call(value) : '';
|
135 | }
|
136 | var result = (value + '');
|
137 | return (result == '0' && (1 / value) == -INFINITY) ? '-0' : result;
|
138 | }
|
139 |
|
140 | /**
|
141 | * Converts the characters "&", "<", ">", '"', "'", and "\`" in `string` to
|
142 | * their corresponding HTML entities.
|
143 | *
|
144 | * **Note:** No other characters are escaped. To escape additional
|
145 | * characters use a third-party library like [_he_](https://mths.be/he).
|
146 | *
|
147 | * Though the ">" character is escaped for symmetry, characters like
|
148 | * ">" and "/" don't need escaping in HTML and have no special meaning
|
149 | * unless they're part of a tag or unquoted attribute value.
|
150 | * See [Mathias Bynens's article](https://mathiasbynens.be/notes/ambiguous-ampersands)
|
151 | * (under "semi-related fun fact") for more details.
|
152 | *
|
153 | * Backticks are escaped because in IE < 9, they can break out of
|
154 | * attribute values or HTML comments. See [#59](https://html5sec.org/#59),
|
155 | * [#102](https://html5sec.org/#102), [#108](https://html5sec.org/#108), and
|
156 | * [#133](https://html5sec.org/#133) of the [HTML5 Security Cheatsheet](https://html5sec.org/)
|
157 | * for more details.
|
158 | *
|
159 | * When working with HTML you should always [quote attribute values](http://wonko.com/post/html-escaping)
|
160 | * to reduce XSS vectors.
|
161 | *
|
162 | * @static
|
163 | * @memberOf _
|
164 | * @category String
|
165 | * @param {string} [string=''] The string to escape.
|
166 | * @returns {string} Returns the escaped string.
|
167 | * @example
|
168 | *
|
169 | * _.escape('fred, barney, & pebbles');
|
170 | * // => 'fred, barney, & pebbles'
|
171 | */
|
172 | function escape(string) {
|
173 | string = toString(string);
|
174 | return (string && reHasUnescapedHtml.test(string))
|
175 | ? string.replace(reUnescapedHtml, escapeHtmlChar)
|
176 | : string;
|
177 | }
|
178 |
|
179 | module.exports = escape;
|