projects / websub-hub / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
display history of topic updates on topic details page
[websub-hub] / src / template / template-helper.js
diff --git a/src/template/template-helper.js b/src/template/template-helper.js
index bb4dad1e3f574f2332683c9e4bc990c9bc98b3a2..a3e113179928d3a878400c9b9c513961a930f2c9 100644 (file)
--- a/src/template/template-helper.js
+++ b/src/template/template-helper.js
@@ -2,7 +2,6 @@
 
 const { TemplateHelper } = require('@squeep/html-template-helper');
 
-
 /**
  * Render a topic as a row of details.
  * @param {Object} topic
@@ -112,7 +111,29 @@ function renderSubscriptionRowHeader() {
 }
 
 
+/**
+ * Escape some xml things in strings.
+ * @param {String} string
+ */
+function xmlEscape(string) {
+  if (typeof string === 'number') {
+    return string;
+  }
+  if (typeof string !== 'string') {
+    return undefined;
+  }
+  // eslint-disable-next-line security/detect-object-injection
+  return string.replace(/[<>&'"]/, (c) => ({
+    '<': '&lt;',
+    '>': '&gt;',
+    '&': '&amp;',
+    '\'': '&apos;',
+    '"': '&quot;',
+  }[c]));
+}
+
 module.exports = Object.assign(Object.create(TemplateHelper), {
+  xmlEscape,
   renderTopicRowHeader,
   renderTopicRow,
   renderSubscriptionRowHeader,
WebSub Hub server