How to use the escape-goat.htmlEscape function in escape-goat
To help you get started, we’ve selected a few escape-goat examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
go-gitea / gitea / web_src / js / features / contextpopup.js View on Github 
let body = issue.body.replace(/\n+/g, ' ');
if (body.length > 85) {
body = `${body.substring(0, 85)}...`;
}
let labels = '';
for (let i = 0; i < issue.labels.length; i++) {
const label = issue.labels[i];
const red = parseInt(label.color.substring(0, 2), 16);
const green = parseInt(label.color.substring(2, 4), 16);
const blue = parseInt(label.color.substring(4, 6), 16);
let color = '#ffffff';
if ((red * 0.299 + green * 0.587 + blue * 0.114) > 125) {
color = '#000000';
}
labels += `<div style="color: ${color}; background-color:#${label.color};" class="ui label">${htmlEscape(label.name)}</div>`;
}
if (labels.length > 0) {
labels = `<p>${labels}</p>`;
}
let octicon, color;
if (issue.pull_request !== null) {
if (issue.state === 'open') {
color = 'green';
octicon = 'octicon-git-pull-request'; // Open PR
} else if (issue.pull_request.merged === true) {
color = 'purple';
octicon = 'octicon-git-merge'; // Merged PR
} else {
color = 'red';
octicon = 'octicon-git-pull-request'; // Closed PR$.each(response, (_i, issue) => {
// Don't list current issue in the dependency list.
if (issue.id === currIssueId) {
return;
}
filteredResponse.results.push({
name: `#${issue.number} ${htmlEscape(issue.title)
}<div class="text small dont-break-out">${htmlEscape(issue.repository.full_name)}</div>`,
value: issue.id
});
});
return filteredResponse;color = 'green';
octicon = 'octicon-issue-opened'; // Open Issue
} else {
color = 'red';
octicon = 'octicon-issue-closed'; // Closed Issue
}
$element.popup({
variation: 'wide',
delay: {
show: 250
},
html: `
<div>
<p><small>${htmlEscape(issue.repository.full_name)} on ${createdAt}</small></p>
<p><span class="${color}">${svg(octicon)}</span> <strong>${htmlEscape(issue.title)}</strong> #${index}</p>
<p>${htmlEscape(body)}</p>
${labels}
</div>
`
});
});
}octicon = 'octicon-issue-opened'; // Open Issue
} else {
color = 'red';
octicon = 'octicon-issue-closed'; // Closed Issue
}
$element.popup({
variation: 'wide',
delay: {
show: 250
},
html: `
<div>
<p><small>${htmlEscape(issue.repository.full_name)} on ${createdAt}</small></p>
<p><span class="${color}">${svg(octicon)}</span> <strong>${htmlEscape(issue.title)}</strong> #${index}</p>
<p>${htmlEscape(body)}</p>
${labels}
</div>
`
});
});
}template = template.replace(doubleBraceRegex, (_, key) => {
let result = data;
for (const property of key.split('.')) {
result = result ? result[property] : '';
}
return htmlEscape(String(result));
});
}module.exports = attributes => {
const handledAttributes = [];
for (let [key, value] of Object.entries(attributes)) {
if (value === false) {
continue;
}
if (Array.isArray(value)) {
value = value.join(' ');
}
let attribute = htmlEscape(key);
if (value !== true) {
attribute += `="${htmlEscape(String(value))}"`;
}
handledAttributes.push(attribute);
}
return handledAttributes.length > 0 ? ' ' + handledAttributes.join(' ') : '';
};module.exports = attributes => {
const handledAttributes = [];
for (let [key, value] of Object.entries(attributes)) {
if (value === false) {
continue;
}
if (Array.isArray(value)) {
value = value.join(' ');
}
let attribute = htmlEscape(key);
if (value !== true) {
attribute += `="${htmlEscape(String(value))}"`;
}
handledAttributes.push(attribute);
}
return handledAttributes.length > 0 ? ' ' + handledAttributes.join(' ') : '';
};$.each(response.data, (_i, item) => {
let title = item.login;
if (item.full_name && item.full_name.length > 0) {
title += ` (${htmlEscape(item.full_name)})`;
}
items.push({
title,
image: item.avatar_url
});
});$.each(response.data, (_r, repo) => {
filteredResponse.results.push({
name: htmlEscape(repo.full_name),
value: repo.full_name
});
});
return filteredResponse;module.exports = options => {
options = {
name: 'div',
attributes: {},
html: '',
...options
};
if (options.html && options.text) {
throw new Error('The `html` and `text` options are mutually exclusive');
}
const content = options.text ? htmlEscape(options.text) : options.html;
let result = `<${options.name}${stringifyAttributes(options.attributes)}>`;
if (!voidHtmlTags.has(options.name)) {
result += `${content}`;
}
return result;
};escape-goat
Escape a string for use in HTML or the inverse
