
Provides utility methods for escaping strings.

Methods

_htmlReplacer(match)
String protected static

Regex replacer for HTML escaping.

Parameters:

  • match String

    Matched character (must exist in HTML_CHARS).

Returns:

String:

HTML entity.

html(string)
String static

Returns a copy of the specified string with special HTML characters escaped. The following characters will be converted to their corresponding character entities:

& < > " ' / `
                                                

This implementation is based on the OWASP HTML escaping recommendations. In addition to the characters in the OWASP recommendations, we also escape the ` character, since IE interprets it as an attribute delimiter.

If string is not already a string, it will be coerced to a string.

Parameters:

  • string String

    String to escape.

Returns:

String:

Escaped string.

regex(string)
String static

Returns a copy of the specified string with special regular expression characters escaped, allowing the string to be used safely inside a regex. The following characters, and all whitespace characters, are escaped:

- $ ^ * ( ) + [ ] { } | \ , . ?
                                                

If string is not already a string, it will be coerced to a string.

Parameters:

  • string String

    String to escape.

Returns:

String:

Escaped string.
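
The html and regex methods described above, as an added example: a stand-alone re-implementation written from the documented character lists, not the library's own source. The names escapeHtml, escapeRegex and literalPattern, the entity spellings, and the sample inputs are assumptions made for illustration.

```javascript
// Added example: stand-alone re-implementation of the documented behaviour,
// not the library's source. Entity spellings are an assumption (OWASP style).
const HTML_CHARS = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '/': '&#x2F;', '`': '&#x60;'
};

// Counterpart of the documented _htmlReplacer: one matched character in,
// its entity out. The match is always a key of HTML_CHARS.
function htmlReplacer(match) {
  return HTML_CHARS[match];
}

// Coerce to string, then escape all seven characters in a single pass, so the
// '&' of an entity that was just emitted is never escaped a second time.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/`]/g, htmlReplacer);
}

// Coerce to string, then backslash-escape the listed metacharacters and all
// whitespace so the result matches only the literal text.
function escapeRegex(value) {
  return String(value).replace(/[-$^*()+[\]{}|\\,.?\s]/g, '\\$&');
}

// Build a literal-match pattern from untrusted text. No 'u' flag: escapes such
// as '\ ', '\-' and '\,' are rejected as invalid in Unicode mode.
function literalPattern(term) {
  return new RegExp(escapeRegex(term));
}

// Constructed sample inputs (not from the page).
const markup = '<b title="x">R&D</b>';
const term = '1.5 (beta)';

console.log(escapeHtml(markup));
// &lt;b title=&quot;x&quot;&gt;R&amp;D&lt;&#x2F;b&gt;
console.log(escapeRegex(term));
// 1\.5\ \(beta\)
console.log(new RegExp(term).test('125 beta'));        // true: '.' and '()' act as syntax
console.log(literalPattern(term).test('125 beta'));    // false
console.log(literalPattern(term).test('v1.5 (beta)')); // true
```

The HTML escaping shown covers element content and quoted attribute values; text placed into script blocks, URLs or style values needs escaping specific to that context.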