3 var entities = require('character-entities-html4')
4 var legacy = require('character-entities-legacy')
5 var hexadecimal = require('is-hexadecimal')
6 var alphanumerical = require('is-alphanumerical')
7 var dangerous = require('./dangerous.json')
10 module.exports = encode
11 encode.escape = escape
13 var own = {}.hasOwnProperty
15 /* List of enforced escapes. */
16 var escapes = ['"', "'", '<', '>', '&', '`']
18 /* Map of characters to names. */
19 var characters = construct()
21 /* Default escapes. */
22 var defaultEscapes = toExpression(escapes)
24 /* Surrogate pairs. */
25 var surrogatePair = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g
27 /* Non-ASCII characters. */
28 // eslint-disable-next-line no-control-regex, unicorn/no-hex-escape
29 var bmp = /[\x01-\t\x0B\f\x0E-\x1F\x7F\x81\x8D\x8F\x90\x9D\xA0-\uFFFF]/g
31 /* Encode special characters in `value`. */
32 function encode(value, options) {
33 var settings = options || {}
34 var subset = settings.subset
35 var set = subset ? toExpression(subset) : defaultEscapes
36 var escapeOnly = settings.escapeOnly
37 var omit = settings.omitOptionalSemicolons
39 value = value.replace(set, function(char, pos, val) {
40 return one(char, val.charAt(pos + 1), settings)
43 if (subset || escapeOnly) {
48 .replace(surrogatePair, replaceSurrogatePair)
49 .replace(bmp, replaceBmp)
51 function replaceSurrogatePair(pair, pos, val) {
52 return toHexReference(
53 (pair.charCodeAt(0) - 0xd800) * 0x400 +
62 function replaceBmp(char, pos, val) {
63 return one(char, val.charAt(pos + 1), settings)
67 /* Shortcut to escape special characters in HTML. */
68 function escape(value) {
69 return encode(value, {
71 useNamedReferences: true
75 /* Encode `char` according to `options`. */
76 function one(char, next, options) {
77 var shortest = options.useShortestReferences
78 var omit = options.omitOptionalSemicolons
82 if ((shortest || options.useNamedReferences) && own.call(characters, char)) {
83 named = toNamed(characters[char], next, omit, options.attribute)
86 if (shortest || !named) {
87 numeric = toHexReference(char.charCodeAt(0), next, omit)
90 if (named && (!shortest || named.length < numeric.length)) {
97 /* Transform `code` into an entity. */
98 function toNamed(name, next, omit, attribute) {
99 var value = '&' + name
103 own.call(legacy, name) &&
104 dangerous.indexOf(name) === -1 &&
105 (!attribute || (next && next !== '=' && !alphanumerical(next)))
113 /* Transform `code` into a hexadecimal character reference. */
114 function toHexReference(code, next, omit) {
115 var value = '&#x' + code.toString(16).toUpperCase()
116 return omit && next && !hexadecimal(next) ? value : value + ';'
119 /* Create an expression for `characters`. */
120 function toExpression(characters) {
121 return new RegExp('[' + characters.join('') + ']', 'g')
124 /* Construct the map. */
125 function construct() {
129 for (name in entities) {
130 chars[entities[name]] = name