escape.js revision b37bdfc58ac6a28db9af61b710fff27e6975d3fe
/**
* Provides utility methods for escaping strings.
*
* @module escape
* @class Escape
* @static
* @since 3.3.0
*/
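var Escape = {
    /**
     * Returns a copy of the specified string with special HTML characters
     * escaped. The following characters will be converted to their
     * corresponding character entities:
     * <code>& < > " ' /</code>
     *
     * The result is intended for HTML element content and quoted attribute
     * values. It does not make a value safe inside script blocks, event
     * handler attributes, CSS, URLs or unquoted attributes (the backtick,
     * for example, is left untouched); those contexts need their own
     * encoding.
     *
     * @method html
     * @param {String} string String to escape. replace() is called on it
     *     directly, so a value without a replace() method throws instead of
     *     being passed through unescaped.
     * @return {String} Escaped string
     * @static
     */
    // Based on the OWASP HTML escaping recommendations at
    // http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
    html: function (string) {
        // '&' must be handled first; otherwise the ampersands introduced by
        // the later replacements would themselves be escaped a second time.
        // Each replacement value has to be the entity text, not the literal
        // character, or the call returns its input unchanged.
        return string.replace(/&/g, '&amp;').
            replace(/</g, '&lt;').
            replace(/>/g, '&gt;').
            replace(/"/g, '&quot;').
            replace(/'/g, '&#x27;').
            replace(/\//g, '&#x2F;');
    },

    /**
     * Returns a copy of the specified string with special regular expression
     * characters escaped, allowing the string to be used safely inside a regex.
     * The following characters, and all whitespace characters, are escaped:
     * <code>- # $ ^ * ( ) + [ ] { } | \ , . ?</code>
     *
     * Each matched character is prefixed with a single backslash. Escapes
     * such as <code>\#</code>, <code>\,</code> and backslash-whitespace are
     * accepted by non-Unicode-mode patterns; a RegExp built with the
     * <code>u</code> flag is expected to reject them, so use the result
     * without that flag.
     *
     * @method regex
     * @param {String} string String to escape
     * @return {String} Escaped string
     * @static
     */
    regex: function (string) {
        // '$&' in the replacement stands for the matched character itself.
        return string.replace(/[\-#$\^*()+\[\]{}|\\,.?\s]/g, '\\$&');
    }
};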
// Publish the utility object on Y. Y is not defined in this listing;
// presumably it is the YUI instance supplied by the module wrapper (confirm
// against the enclosing file).
Y.Escape = Escape;

// regexp is an alias for regex: both names refer to the same function.
Escape.regexp = Escape.regex;