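/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 3.3.0
build: 3167
*/
YUI.add('escape', function (Y) {

/**
 * Provides utility methods for escaping strings.
 *
 * @module escape
 * @class Escape
 * @static
 * @since 3.3.0
 */

// Lookup table used by Escape.html(): each special character maps to the
// character entity that replaces it. Every value must be the entity form; a
// table whose values are the raw characters would turn Escape.html() into a
// no-op and let markup through unescaped. The keys must stay in sync with the
// character class in Escape.html().
var HTML_CHARS = {
        '&': '&amp;',
        '<': '&lt;',
        '>': '&gt;',
        '"': '&quot;',
        "'": '&#x27;',
        '/': '&#x2F;',
        '`': '&#x60;'
    },

Escape = {
    // -- Public Static Methods ------------------------------------------------

    /**
     * Returns a copy of the specified string with special HTML characters
     * escaped. The following characters will be converted to their
     * corresponding character entities:
     *
     *     & < > " ' / `
     *
     * This implementation is based on the OWASP HTML escaping
     * recommendations. In addition to the characters in the OWASP
     * recommendation, we also escape the ` character, since IE interprets it
     * as an attribute delimiter when used in innerHTML.
     *
     * The output is intended for HTML element content and quoted attribute
     * values. It is not sufficient on its own for other contexts (script
     * blocks, event-handler attributes, CSS, URLs, unquoted attributes);
     * those need context-specific encoding or validation.
     *
     * Non-string values are converted to strings before escaping, so numbers
     * and similar values can be passed without the call throwing.
     *
     * @method html
     * @param {String} string String to escape.
     * @return {String} Escaped string.
     * @static
     */
    html: function (string) {
        return String(string).replace(/[&<>"'\/`]/g, Escape._htmlReplacer);
    },

    /**
     * Returns a copy of the specified string with special regular expression
     * characters escaped, allowing the string to be used safely inside a
     * regex (the escaped text then matches literally instead of being parsed
     * as pattern syntax). The following characters, and all whitespace
     * characters, are escaped:
     *
     *     - # $ ^ * ( ) + [ ] { } | \ , . ?
     *
     * Non-string values are converted to strings before escaping.
     *
     * @method regex
     * @param {String} string String to escape.
     * @return {String} Escaped string.
     * @static
     */
    regex: function (string) {
        // '\\$&' inserts a backslash followed by the matched character.
        return String(string).replace(/[\-#$\^*()+\[\]{}|\\,.?\s]/g, '\\$&');
    },

    // -- Protected Static Methods ---------------------------------------------

    /**
     * Regex replacer for HTML escaping.
     *
     * @method _htmlReplacer
     * @param {String} match Matched character (must exist in HTML_CHARS).
     * @return {String} HTML entity.
     * @static
     * @protected
     */
    _htmlReplacer: function (match) {
        return HTML_CHARS[match];
    }
};

// Alias kept so callers can use either name.
Escape.regexp = Escape.regex;

Y.Escape = Escape;

}, '3.3.0');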