mirrors/v
1
0
Fork 0
mirror of https://github.com/vlang/v.git synced 2025-09-13 14:32:26 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

encoding.html: optimize escape performance (#19264)

Browse source
This commit is contained in:
Turiiya 2023-09-03 18:01:19 +02:00 committed by GitHub
parent ed6626dc84
commit 61b219953a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

9
vlib/encoding/html/escape.v
View file

@ -5,15 +5,20 @@ pub struct EscapeConfig {
quote bool = true
}
const (
html_replacement_table = ['&', '&amp;', '<', '&lt;', '>', '&gt;']
html_quote_replacement_table = ['"', '&#34;', "'", '&#39;'] // `'&#34;'` is shorter than `'&quot;'`
)
// escape converts special characters in the input, specifically "<", ">", and "&"
// to HTML-safe sequences. If `quote` is set to true (which is default), quotes in
// HTML will also be translated. Both double and single quotes will be affected.
// **Note:** escape() supports funky accents by doing nothing about them. V's UTF-8
// support through `string` is robust enough to deal with these cases.
pub fn escape(input string, config EscapeConfig) string {
tag_free_input := input.replace_each(['&', '&amp;', '<', '&lt;', '>', '&gt;'])
tag_free_input := input.replace_each(html.html_replacement_table)
return if config.quote {
tag_free_input.replace_each(['"', '&quot;', "'", '&#x27;'])
tag_free_input.replace_each(html.html_quote_replacement_table)
} else {
tag_free_input
}

8
vlib/encoding/html/escape_test.v
View file

@ -5,15 +5,15 @@ fn test_escape_html() {
assert html.escape('No change') == 'No change'
assert html.escape('<b>Bold text</b>') == '&lt;b&gt;Bold text&lt;/b&gt;'
assert html.escape('<img />') == '&lt;img /&gt;'
assert html.escape("' onmouseover='alert(1)'") == '&#x27; onmouseover=&#x27;alert(1)&#x27;'
assert html.escape("<a href='http://www.example.com'>link</a>") == '&lt;a href=&#x27;http://www.example.com&#x27;&gt;link&lt;/a&gt;'
assert html.escape("<script>alert('hello');</script>") == '&lt;script&gt;alert(&#x27;hello&#x27;);&lt;/script&gt;'
assert html.escape("' onmouseover='alert(1)'") == '&#39; onmouseover=&#39;alert(1)&#39;'
assert html.escape("<a href='http://www.example.com'>link</a>") == '&lt;a href=&#39;http://www.example.com&#39;&gt;link&lt;/a&gt;'
assert html.escape("<script>alert('hello');</script>") == '&lt;script&gt;alert(&#39;hello&#39;);&lt;/script&gt;'
// Cases obtained from:
// https://github.com/apache/commons-lang/blob/master/src/test/java/org/apache/commons/lang3/StringEscapeUtilsTest.java
assert html.escape('plain text') == 'plain text'
assert html.escape('') == ''
assert html.escape('bread & butter') == 'bread &amp; butter'
assert html.escape('"bread" & butter') == '&quot;bread&quot; &amp; butter'
assert html.escape('"bread" & butter') == '&#34;bread&#34; &amp; butter'
assert html.escape('greater than >') == 'greater than &gt;'
assert html.escape('< less than') == '&lt; less than'
// Leave accents as-is