Skip to content

Commit

Permalink
StatsHouse UI: escape HTML boost (#689)
Browse files Browse the repository at this point in the history
  • Loading branch information
vauweb authored Aug 16, 2023
1 parent 75b66bc commit 9f1ee96
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions statshouse-ui/src/common/helpers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,13 @@ export function mergeLeft<T>(targetMerge: T, valueMerge: T): T {
}

export function escapeHTML(str: string): string {
const d = window.document.createElement('DIV');
d.textContent = str;
return d.innerHTML;
const htmlEscapes: Record<string, string> = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;',
};
const reUnescapedHtml = /[&<>"']/g;
return str.replace(reUnescapedHtml, (chr) => htmlEscapes[chr]);
}

0 comments on commit 9f1ee96

Please sign in to comment.