quoteAttributeValueForBrowser wraps the html-escaped string with double quotes.
escapeTextContentForBrowser escapes ["'&<>] html strings, and both boolean and numeric types will be converted to string format.
quoteAttributeValueForBrowser.js
'use strict';
// Boolean and numeric types are converted into strings and output; the strings are html converted and processed character by character ["'&<>]
var escapeTextContentForBrowser = require('./escapeTextContentForBrowser');
// The transcoded string is wrapped in quotes
function quoteAttributeValueForBrowser(value) {
return '"' + escapeTextContentForBrowser(value) + '"';
}
module.exports = quoteAttributeValueForBrowser;
escapeTextContentForBrowser.js
'use strict';
// Exclude ["'&<>], skip transcoding
var matchHtmlRegExp = /["'&<>]/;
// transcode the string character by character
function escapeHtml(string) {
var str = '' + string;
var match = matchHtmlRegExp.exec (str);
if (!match) {
return str;
}
var escape;
var html = '';
var index = 0;
var lastIndex = 0;
for (index = match.index; index < str.length; index++) {
switch (str.charCodeAt(index)) {
case 34:
// "
escape = '"';
break;
case 38:
// &
escape = '&';
break;
case 39:
// '
escape = '''; // modified from escape-html; used to be '''
break;
case 60:
// <
escape = '<';
break;
case 62:
// >
escape = '>';
break;
default:
continue;
}
if (lastIndex !== index) {
html += str.substring(lastIndex, index);
}
lastIndex = index + 1;
html += escape;
}
return lastIndex !== index ? html + str.substring(lastIndex, index) : html;
}
// Boolean and numeric types are converted into strings and output; the strings are html converted and processed character by character ["'&<>]
function escapeTextContentForBrowser(text) {
if (typeof text === 'boolean' || typeof text === 'number') {
return '' + text;
}
return escapeHtml(text);
}
module.exports = escapeTextContentForBrowser;