Init

sindresorhus · May 27, 2017 · e4a5925 · Semigradsky · Jun 4, 2017 · kolodny
commit e4a5925
Show file tree

Hide file tree

Showing 10 changed files with 184 additions and 0 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,12 @@
+root = true
+
+[*]
+indent_style = tab
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.yml]
+indent_style = space
+indent_size = 2
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,2 @@
+* text=auto
+*.js text eol=lf
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,4 @@
+language: node_js
+node_js:
+  - '6'
+  - '4'
diff --git a/index.js b/index.js
@@ -0,0 +1,23 @@
+'use strict';
+
+const escapes = new Map([
+	['&', '&amp;'],
+	['<', '&lt;'],
+	['>', '&gt;'],
+	['"', '&quot;'],
+	['\'', '&#39;']
+]);
+
+const unescapes = new Map([
+	['&amp;', '&'],
+	['&lt;', '<'],
+	['&gt;', '>'],
+	['&quot;', '"'],
+	['&#39;', '\'']
+]);
+
+exports.escape = input =>
+	input.replace(/[&<>"']/g, m => escapes.has(m) ? escapes.get(m) : m);
+
+exports.unescape = input =>
+	input.replace(/&(?:amp|lt|gt|quot|#39);/g, m => unescapes.has(m) ? unescapes.get(m) : m);
diff --git a/license b/license
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/logo.jpg b/logo.jpg
diff --git a/package.json b/package.json
@@ -0,0 +1,43 @@
+{
+	"name": "escape-goat",
+	"version": "0.0.0",
+	"description": "Escape a string for use in HTML or the inverse",
+	"license": "MIT",
+	"repository": "sindresorhus/escape-goat",
+	"author": {
+		"name": "Sindre Sorhus",
+		"email": "sindresorhus@gmail.com",
+		"url": "sindresorhus.com"
+	},
+	"engines": {
+		"node": ">=4"
+	},
+	"scripts": {
+		"test": "xo && ava"
+	},
+	"files": [
+		"index.js"
+	],
+	"keywords": [
+		"escape",
+		"unescape",
+		"html",
+		"entity",
+		"entities",
+		"escaping",
+		"sanitize",
+		"sanitization",
+		"utility",
+		"template",
+		"attribute",
+		"value",
+		"interpolate",
+		"xss",
+		"goat",
+		"🐐"
+	],
+	"devDependencies": {
+		"ava": "*",
+		"xo": "*"
+	}
+}
diff --git a/readme.md b/readme.md
@@ -0,0 +1,58 @@
+<h1>
+	<img src="logo.jpg" width="1280" alt="escape-goat">
+</h1>
+
+> Escape a string for use in HTML or the inverse
+
+[![Build Status](https://travis-ci.org/sindresorhus/escape-goat.svg?branch=master)](https://travis-ci.org/sindresorhus/escape-goat)
+
+
+## Install
+
+```
+$ npm install escape-goat
+```
+
+
+## Usage
+
+```js
+const escapeGoat = require('escape-goat');
+
+escapeGoat.escape('🦄 & 🐐');
+//=> '🦄 &amp; 🐐'
+
+escapeGoat.unescape('🦄 &amp; 🐐');
+//=> '🦄 & 🐐'
+
+escapeGoat.escape('Hello <em>World</em>');
+//=> 'Hello &lt;em&gt;World&lt;/em&gt;'
+```
+
+
+## API
+
+### escapeGoat.escape(input)
+
+Escapes the following characters in the given `input` string: `&` `<` `>` `"` `'`
+
+### escapeGoat.unescape(html)
+
+Unescapes the following HTML entities in the given `input` string: `&amp;` `&lt;` `&gt;` `&quot;` `&#39;`
+
+
+## Tip
+
+Ensure you always quote your HTML attributes to prevent possible [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting).
+
+
+## FAQ
+
+### Why yet another HTML escaping package?
+
+I couldn't find one I liked that was tiny, well-tested, and had both `.escape()` and `.unescape()`.
+
+
+## License
+
+MIT © [Sindre Sorhus](https://sindresorhus.com)
diff --git a/test.js b/test.js
@@ -0,0 +1,20 @@
+import test from 'ava';
+import m from '.';
+
+test('escape', t => {
+	t.is(m.escape('&<>"\''), '&amp;&lt;&gt;&quot;&#39;');
+	t.is(m.escape('🦄 & 🐐'), '🦄 &amp; 🐐');
+	t.is(m.escape('Hello <em>World</em>'), 'Hello &lt;em&gt;World&lt;/em&gt;');
+});
+
+test('unescape', t => {
+	t.is(m.unescape('&amp;&lt;&gt;&quot;&#39;'), '&<>"\'');
+	t.is(m.unescape('🦄 &amp; 🐐'), '🦄 & 🐐');
+	t.is(m.unescape('Hello &lt;em&gt;World&lt;/em&gt;'), 'Hello <em>World</em>');
+});
+
+test('escape & unescape', t => {
+	const input = '&<>"\'';
+	const actual = m.unescape(m.escape(m.unescape(m.escape(input))));
+	t.is(actual, input);
+});