• Jump To … +
    ClientController.js ClientRequest.js ExpressServerRequest.js ReactServerAgent.js Cache.js Plugins.js Request.js handlePage.js loggingClient.js ClientRequestSpec.js NormalValuesPage.js NullValuePromisesPage.js NullValuesPage.js reactMiddlewareSpec.js client.js common.js History.js RootContainer.js RootElement.js TheFold.js config.js constants.js Navigator.js RequestContext.js logging.js client.js common.js response.js server.js stats.js renderMiddleware.js server.js ClientCssHelper.js DebugUtil.js PageUtil.js RequestLocalStorage.js StringEscapeUtil.js bundleNameUtil.js navigateTo.js

  • StringEscapeUtil.js

  • ¶
  • ¶

    see comment on escapeForScriptTag about how these are used

    var UNSAFE_CHARS = /[<>/]/g;
var REPLACEMENT_CHARS = {
	'<' : '\\u003C',
	'>' : '\\u003E',
	'/' : '\\u002F',
};

module.exports = {

	/**
	 * Escapes a string in a manner suitable for including in a <script> tag.
	 * (It replaces '<', '>', '/' with their unicode equivalents, effectively
	 * hiding any erroneous "</script>" tags written out in JS strings from
	 * the HTML parser.
	 *
	 * Idea borrowed from Yahoo's express-state, but our use case is simpler:
	 * https://github.com/yahoo/express-state
	 */
	escapeForScriptTag (str) {
		if (!str) {
			return str;
		}

		return str.replace(UNSAFE_CHARS, function (match) {
			return REPLACEMENT_CHARS[match];
		});
	},


}