diff -r 322d0feea350 -r 89ef5ed3c48b src/cm/media/js/lib/yui/yui_3.10.3/build/escape/escape.js --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/cm/media/js/lib/yui/yui_3.10.3/build/escape/escape.js Tue Jul 16 14:29:46 2013 +0200 @@ -0,0 +1,99 @@ +/* +YUI 3.10.3 (build 2fb5187) +Copyright 2013 Yahoo! Inc. All rights reserved. +Licensed under the BSD License. +http://yuilibrary.com/license/ +*/ + +YUI.add('escape', function (Y, NAME) { + +/** +Provides utility methods for escaping strings. + +@module escape +@class Escape +@static +@since 3.3.0 +**/ + +var HTML_CHARS = { + '&': '&', + '<': '<', + '>': '>', + '"': '"', + "'": ''', + '/': '/', + '`': '`' + }, + +Escape = { + // -- Public Static Methods ------------------------------------------------ + + /** + Returns a copy of the specified string with special HTML characters + escaped. The following characters will be converted to their + corresponding character entities: + + & < > " ' / ` + + This implementation is based on the [OWASP HTML escaping + recommendations][1]. In addition to the characters in the OWASP + recommendations, we also escape the ` character, since IE + interprets it as an attribute delimiter. + + If _string_ is not already a string, it will be coerced to a string. + + [1]: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet + + @method html + @param {String} string String to escape. + @return {String} Escaped string. + @static + **/ + html: function (string) { + return (string + '').replace(/[&<>"'\/`]/g, Escape._htmlReplacer); + }, + + /** + Returns a copy of the specified string with special regular expression + characters escaped, allowing the string to be used safely inside a regex. + The following characters, and all whitespace characters, are escaped: + + - $ ^ * ( ) + [ ] { } | \ , . ? + + If _string_ is not already a string, it will be coerced to a string. + + @method regex + @param {String} string String to escape. + @return {String} Escaped string. + @static + **/ + regex: function (string) { + // There's no need to escape !, =, and : since they only have meaning + // when they follow a parenthesized ?, as in (?:...), and we already + // escape parens and question marks. + return (string + '').replace(/[\-$\^*()+\[\]{}|\\,.?\s]/g, '\\$&'); + }, + + // -- Protected Static Methods --------------------------------------------- + + /** + * Regex replacer for HTML escaping. + * + * @method _htmlReplacer + * @param {String} match Matched character (must exist in HTML_CHARS). + * @return {String} HTML entity. + * @static + * @protected + */ + _htmlReplacer: function (match) { + return HTML_CHARS[match]; + } +}; + +Escape.regexp = Escape.regex; + +Y.Escape = Escape; + + +}, '3.10.3', {"requires": ["yui-base"]});