Mercurial Mercurial > comt / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/cm/media/js/lib/yui/yui3-3.15.0/build/escape/escape-debug.js
changeset 602 e16a97fb364a 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/cm/media/js/lib/yui/yui3-3.15.0/build/escape/escape-debug.js	Mon Mar 10 15:19:48 2014 +0100
@@ -0,0 +1,92 @@
+YUI.add('escape', function (Y, NAME) {
+
+/**
+Provides utility methods for escaping strings.
+
+@module escape
+@class Escape
+@static
+@since 3.3.0
+**/
+
+var HTML_CHARS = {
+        '&': '&',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#x27;',
+        '/': '&#x2F;',
+        '`': '&#x60;'
+    },
+
+Escape = {
+    // -- Public Static Methods ------------------------------------------------
+
+    /**
+    Returns a copy of the specified string with special HTML characters
+    escaped. The following characters will be converted to their
+    corresponding character entities:
+
+        & < > " ' / `
+
+    This implementation is based on the [OWASP HTML escaping
+    recommendations][1]. In addition to the characters in the OWASP
+    recommendations, we also escape the <code>&#x60;</code> character, since IE
+    interprets it as an attribute delimiter.
+
+    If _string_ is not already a string, it will be coerced to a string.
+
+    [1]: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
+
+    @method html
+    @param {String} string String to escape.
+    @return {String} Escaped string.
+    @static
+    **/
+    html: function (string) {
+        return (string + '').replace(/[&<>"'\/`]/g, Escape._htmlReplacer);
+    },
+
+    /**
+    Returns a copy of the specified string with special regular expression
+    characters escaped, allowing the string to be used safely inside a regex.
+    The following characters, and all whitespace characters, are escaped:
+
+        - $ ^ * ( ) + [ ] { } | \ , . ?
+
+    If _string_ is not already a string, it will be coerced to a string.
+
+    @method regex
+    @param {String} string String to escape.
+    @return {String} Escaped string.
+    @static
+    **/
+    regex: function (string) {
+        // There's no need to escape !, =, and : since they only have meaning
+        // when they follow a parenthesized ?, as in (?:...), and we already
+        // escape parens and question marks.
+        return (string + '').replace(/[\-$\^*()+\[\]{}|\\,.?\s]/g, '\\$&');
+    },
+
+    // -- Protected Static Methods ---------------------------------------------
+
+    /**
+     * Regex replacer for HTML escaping.
+     *
+     * @method _htmlReplacer
+     * @param {String} match Matched character (must exist in HTML_CHARS).
+     * @return {String} HTML entity.
+     * @static
+     * @protected
+     */
+    _htmlReplacer: function (match) {
+        return HTML_CHARS[match];
+    }
+};
+
+Escape.regexp = Escape.regex;
+
+Y.Escape = Escape;
+
+
+}, '@VERSION@', {"requires": ["yui-base"]});
comt