react / wstein / node_modules / jest-cli / node_modules / istanbul / node_modules / js-yaml / node_modules / argparse / node_modules / lodash / string / escape.js
var baseToString = require('../internal/baseToString'),
    escapeHtmlChar = require('../internal/escapeHtmlChar');

/**
 * Patterns for the HTML-significant characters handled by `escape`.
 * `reUnescapedHtml` is global and drives the replacement; `reHasUnescapedHtml`
 * is a non-global copy built from the same source and is used only as a
 * cheap "is there anything to escape?" probe.
 */
var reUnescapedHtml = /[&<>"'`]/g,
    reHasUnescapedHtml = RegExp(reUnescapedHtml.source);

/**
 * Replaces the characters "&", "<", ">", '"', "'", and "`" in `string` with
 * their corresponding HTML entities.
 *
 * **Note:** Nothing else is escaped. For a wider character set use a
 * third-party library like [_he_](https://mths.be/he).
 *
 * The ">" character is escaped for symmetry; ">" and "/" have no special
 * meaning in HTML unless they are part of a tag or an unquoted attribute
 * value. See [Mathias Bynens's article](https://mathiasbynens.be/notes/ambiguous-ampersands)
 * (under "semi-related fun fact") for more details.
 *
 * Backticks are escaped because in Internet Explorer < 9 they can break out
 * of attribute values or HTML comments. See [#59](https://html5sec.org/#59),
 * [#102](https://html5sec.org/#102), [#108](https://html5sec.org/#108), and
 * [#133](https://html5sec.org/#133) of the
 * [HTML5 Security Cheatsheet](https://html5sec.org/) for more details.
 *
 * When working with HTML you should always
 * [quote attribute values](http://wonko.com/post/html-escaping) to reduce
 * XSS vectors.
 *
 * **Security scope:** the output is intended for HTML element content and
 * quoted attribute values. Entity-escaping alone does not make a value safe
 * inside `<script>` blocks, inline event handlers, URL-valued attributes such
 * as `href`/`src`, or CSS; those contexts need their own encoding or
 * validation.
 *
 * @static
 * @memberOf _
 * @category String
 * @param {string} [string=''] The string to escape.
 * @returns {string} Returns the escaped string.
 * @example
 *
 * _.escape('fred, barney, & pebbles');
 * // => 'fred, barney, &amp; pebbles'
 */
function escape(string) {
  // NOTE(review): `baseToString` lives in ../internal; it is presumably what
  // turns a missing argument into '' as the `[string='']` default implies.
  var text = baseToString(string);

  // The pre-check uses the non-global `reHasUnescapedHtml`, so `test()` never
  // leaves a `lastIndex` behind on the global pattern (IE < 9
  // `String#replace` does not reset it).
  if (!text || !reHasUnescapedHtml.test(text)) {
    // Empty input or nothing to escape: hand back the converted value as is.
    return text;
  }

  // `escapeHtmlChar` is called once per matched character and supplies its
  // replacement.
  return text.replace(reUnescapedHtml, escapeHtmlChar);
}

module.exports = escape;