-
-
Notifications
You must be signed in to change notification settings - Fork 4.2k
/
Copy pathstring.ts
106 lines (87 loc) · 2.44 KB
/
string.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
/**
@module @ember/string
*/
export class SafeString {
public string: string;
constructor(string: string) {
this.string = string;
}
toString(): string {
return `${this.string}`;
}
toHTML(): string {
return this.toString();
}
}
const escape = {
'&': '&',
'<': '<',
'>': '>',
'"': '"',
"'": ''',
'`': '`',
'=': '=',
};
const possible = /[&<>"'`=]/;
const badChars = /[&<>"'`=]/g;
function escapeChar(chr: keyof typeof escape) {
return escape[chr];
}
export function escapeExpression(string: any): string {
if (typeof string !== 'string') {
// don't escape SafeStrings, since they're already safe
if (string && string.toHTML) {
return string.toHTML();
} else if (string === null || string === undefined) {
return '';
} else if (!string) {
return string + '';
}
// Force a string conversion as this will be done by the append regardless and
// the regex test will do this transparently behind the scenes, causing issues if
// an object's to string has escaped characters in it.
string = '' + string;
}
if (!possible.test(string)) { return string; }
return string.replace(badChars, escapeChar);
}
/**
Mark a string as safe for unescaped output with Ember templates. If you
return HTML from a helper, use this function to
ensure Ember's rendering layer does not escape the HTML.
```javascript
import { htmlSafe } from '@ember/string';
htmlSafe('<div>someString</div>')
```
@method htmlSafe
@for @ember/template
@static
@return {Handlebars.SafeString} A string that will not be HTML escaped by Handlebars.
@public
*/
export function htmlSafe(str: string) {
if (str === null || str === undefined) {
str = '';
} else if (typeof str !== 'string') {
str = '' + str;
}
return new SafeString(str);
}
/**
Detects if a string was decorated using `htmlSafe`.
```javascript
import { htmlSafe, isHTMLSafe } from '@ember/string';
var plainString = 'plain string',
safeString = htmlSafe('<div>someValue</div>');
isHTMLSafe(plainString); // false
isHTMLSafe(safeString); // true
```
@method isHTMLSafe
@for @ember/template
@static
@return {Boolean} `true` if the string was decorated with `htmlSafe`, `false` otherwise.
@public
*/
export function isHTMLSafe(str: any | null | undefined): str is SafeString {
return str !== null && typeof str === 'object' && typeof str.toHTML === 'function';
}