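/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 3.3.0
build: 3167
*/
YUI.add('escape', function(Y) {

/**
 * Provides utility methods for escaping strings.
 *
 * @module escape
 * @class Escape
 * @static
 * @since 3.3.0
 */

// Each key is a character with special meaning in HTML and each value is the
// character entity emitted in its place. The values must be the encoded
// forms: a character mapped to itself would leave html() output unescaped.
var HTML_CHARS = {
        '&': '&amp;',
        '<': '&lt;',
        '>': '&gt;',
        '"': '&quot;',
        "'": '&#x27;',
        '/': '&#x2F;',
        '`': '&#x60;'
    },

Escape = {
    // -- Public Static Methods ------------------------------------------------

    /**
     * Returns a copy of the specified string with special HTML characters
     * escaped. The following characters will be converted to their
     * corresponding character entities:
     * & < > " ' / `
     *
     * This implementation is based on the OWASP HTML escaping
     * recommendations. In addition to the characters in the OWASP
     * recommendation, we also escape the ` character, since IE interprets it
     * as an attribute delimiter when used in innerHTML.
     *
     * The result is meant for HTML element content and quoted attribute
     * values. It does not make a string safe inside script or style blocks,
     * URL attributes or unquoted attribute values; those contexts need their
     * own encoding.
     *
     * @method html
     * @param {String} string String to escape. Must be a string; other types
     *     have no replace() method and will throw.
     * @return {String} Escaped string.
     * @static
     */
    html: function (string) {
        // The character class must list exactly the keys of HTML_CHARS so
        // that _htmlReplacer never looks up a character without an entity.
        return string.replace(/[&<>"'\/`]/g, Escape._htmlReplacer);
    },

    /**
     * Returns a copy of the specified string with special regular expression
     * characters escaped, so that the string is matched literally when it is
     * embedded in a pattern. The following characters, and all whitespace
     * characters, are prefixed with a backslash:
     * - # $ ^ * ( ) + [ ] { } | \ , . ?
     *
     * @method regex
     * @param {String} string String to escape.
     * @return {String} Escaped string.
     * @static
     */
    regex: function (string) {
        // '\\$&' inserts a literal backslash followed by the matched character.
        return string.replace(/[\-#$\^*()+\[\]{}|\\,.?\s]/g, '\\$&');
    },

    // -- Protected Static Methods ---------------------------------------------

    /**
     * Regex replacer for HTML escaping.
     *
     * @method _htmlReplacer
     * @param {String} match Matched character (must exist in HTML_CHARS).
     * @return {String} HTML entity.
     * @static
     * @protected
     */
    _htmlReplacer: function (match) {
        return HTML_CHARS[match];
    }
};

// regexp is an alias of regex; both names refer to the same function.
Escape.regexp = Escape.regex;

Y.Escape = Escape;

}, '3.3.0' );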