Improve escapeHTML

Replacing one character after another is not a best practice, because of the order dependency of the replacements, the XSS risk and the performance cost.

Fix #1577
This commit is contained in:
Alberto Santini
2017-02-10 18:15:07 +01:00
committed by GitHub
parent 2b494398f2
commit 0a4ca56da9


@@ -1,10 +1,16 @@
function escapeHTML(str) {
return str.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;")
.replace(/\//g,"&#x2F;");
var escaped = {
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
'"': "&quot;",
"'": "&#039;",
"/": "&#x2F;"
};
return str.replace(/[&<>'"\/]/g, function(m) {
return escaped[m];
});
}
function randomId() {