Skip to content

Commit

Permalink
Better encoding
Browse files Browse the repository at this point in the history
  • Loading branch information
JrMasterModelBuilder committed Oct 15, 2023
1 parent 8375959 commit 5c443aa
Showing 1 changed file with 14 additions and 8 deletions.
22 changes: 14 additions & 8 deletions src/projector/html.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,17 @@ import {Projector} from '../projector';
* @returns HTML strings.
*/
function he(s: string) {
return s
.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;');
return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

/**
* HTML encode an attribute.
*
* @param s Raw strings.
* @returns HTML strings.
*/
function ha(s: string) {
return he(s).replace(/"/g, '&quot;');
}

/**
Expand Down Expand Up @@ -341,13 +347,13 @@ export class ProjectorHtml extends Projector {
' <div class="main">',
' <div class="player">',
' <object',
...[...object.entries()].map(([a, v]) => ` ${a}="${he(v)}"`),
...[...object.entries()].map(([a, v]) => ` ${a}="${ha(v)}"`),
' >',
...[...param.entries()].map(
([a, v]) => ` <param name="${a}" value="${he(v)}">`
([a, v]) => ` <param name="${a}" value="${ha(v)}">`
),
' <embed',
...[...embed.entries()].map(([a, v]) => ` ${a}="${he(v)}"`),
...[...embed.entries()].map(([a, v]) => ` ${a}="${ha(v)}"`),
' >',
' </object>',
' </div>',
Expand Down

0 comments on commit 5c443aa

Please sign in to comment.