| OLD | NEW |
|---|
| 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 part of dart.convert; | 5 part of dart.convert; |
| 6 | 6 |
| 7 /** | 7 /** |
| 8 * A `String` converter that converts characters to HTML entities. | 8 * A `String` converter that converts characters to HTML entities. |
| 9 * | 9 * |
| 10 * This is intended to sanitice text before inserting the text into an HTML | 10 * This is intended to sanitice text before inserting the text into an HTML |
| (...skipping 20 matching lines...) Expand all Loading... |
| 31 * | 31 * |
| 32 * Allows specifying a mode for HTML escaping that depend on the context | 32 * Allows specifying a mode for HTML escaping that depend on the context |
| 33 * where the escaped result is going to be used. | 33 * where the escaped result is going to be used. |
| 34 * The relevant contexts are: | 34 * The relevant contexts are: |
| 35 * | 35 * |
| 36 * * as text content of an HTML element. | 36 * * as text content of an HTML element. |
| 37 * * as value of a (single- or double-) quoted attribute value. | 37 * * as value of a (single- or double-) quoted attribute value. |
| 38 * | 38 * |
| 39 * All modes require escaping of `&` (ampersand) characters, and may | 39 * All modes require escaping of `&` (ampersand) characters, and may |
| 40 * enable escaping of more characters. | 40 * enable escaping of more characters. |
| 41 * |
| 42 * Custom escape modes can be created using the [HtmlEscapeMode.HtmlEscapeMode] |
| 43 * constructor. |
| 41 */ | 44 */ |
| 42 class HtmlEscapeMode { | 45 class HtmlEscapeMode { |
| 43 final String _name; | 46 final String _name; |
| 44 /** Whether to escape '<' and '>'. */ | 47 /** Whether to escape '<' and '>'. */ |
| 45 final bool escapeLtGt; | 48 final bool escapeLtGt; |
| 46 /** Whether to escape '"' (quote). */ | 49 /** Whether to escape '"' (quote). */ |
| 47 final bool escapeQuot; | 50 final bool escapeQuot; |
| 48 /** Whether to escape "'" (apostrophe). */ | 51 /** Whether to escape "'" (apostrophe). */ |
| 49 final bool escapeApos; | 52 final bool escapeApos; |
| 50 /** | 53 /** |
| (...skipping 16 matching lines...) Expand all Loading... |
| 67 */ | 70 */ |
| 68 static const HtmlEscapeMode UNKNOWN = | 71 static const HtmlEscapeMode UNKNOWN = |
| 69 const HtmlEscapeMode._('unknown', true, true, true, true); | 72 const HtmlEscapeMode._('unknown', true, true, true, true); |
| 70 | 73 |
| 71 /** | 74 /** |
| 72 * Escaping mode for text going into double-quoted HTML attribute values. | 75 * Escaping mode for text going into double-quoted HTML attribute values. |
| 73 * | 76 * |
| 74 * The result should not be used as the content of an unquoted | 77 * The result should not be used as the content of an unquoted |
| 75 * or single-quoted attribute value. | 78 * or single-quoted attribute value. |
| 76 * | 79 * |
| 77 * Escapes only double quotes (`"`) but not single quotes (`'`). | 80 * Escapes double quotes (`"`) but not single quotes (`'`), |
| 81 * and escapes `<` and `>` characters because they are not allowed |
| 82 * in strict XHTML attributes |
| 78 */ | 83 */ |
| 79 static const HtmlEscapeMode ATTRIBUTE = | 84 static const HtmlEscapeMode ATTRIBUTE = |
| 80 const HtmlEscapeMode._('attribute', false, true, false, false); | 85 const HtmlEscapeMode._('attribute', true, true, false, false); |
| 81 | 86 |
| 82 /** | 87 /** |
| 83 * Escaping mode for text going into single-quoted HTML attribute values. | 88 * Escaping mode for text going into single-quoted HTML attribute values. |
| 84 * | 89 * |
| 85 * The result should not be used as the content of an unquoted | 90 * The result should not be used as the content of an unquoted |
| 86 * or double-quoted attribute value. | 91 * or double-quoted attribute value. |
| 87 * | 92 * |
| 88 * Escapes only single quotes (`'`) but not double quotes (`"`). | 93 * Escapes single quotes (`'`) but not double quotes (`"`), |
| 94 * and escapes `<` and `>` characters because they are not allowed |
| 95 * in strict XHTML attributes |
| 89 */ | 96 */ |
| 90 static const HtmlEscapeMode SQ_ATTRIBUTE = | 97 static const HtmlEscapeMode SQ_ATTRIBUTE = |
| 91 const HtmlEscapeMode._('attribute', false, false, true, false); | 98 const HtmlEscapeMode._('attribute', true, false, true, false); |
| 92 | 99 |
| 93 /** | 100 /** |
| 94 * Escaping mode for text going into HTML element content. | 101 * Escaping mode for text going into HTML element content. |
| 95 * | 102 * |
| 96 * The escaping only works for elements with normal HTML content, | 103 * The escaping only works for elements with normal HTML content, |
| 97 * and not for, for example, script or style element content, | 104 * and not for, for example, script or style element content, |
| 98 * which require escapes matching their particular content syntax. | 105 * which require escapes matching their particular content syntax. |
| 99 * | 106 * |
| 100 * Escapes `<` and `>` characters. | 107 * Escapes `<` and `>` characters. |
| 101 */ | 108 */ |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 215 if(val == null) { | 222 if(val == null) { |
| 216 _sink.addSlice(chunk, start, end, isLast); | 223 _sink.addSlice(chunk, start, end, isLast); |
| 217 } else { | 224 } else { |
| 218 _sink.add(val); | 225 _sink.add(val); |
| 219 if (isLast) _sink.close(); | 226 if (isLast) _sink.close(); |
| 220 } | 227 } |
| 221 } | 228 } |
| 222 | 229 |
| 223 void close() => _sink.close(); | 230 void close() => _sink.close(); |
| 224 } | 231 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1083413004:
Make html-escape also escape < and > in attributes. (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart