diff --git a/js/privatebin.js b/js/privatebin.js
index 8219cfd..a56b946 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -130,17 +130,6 @@ $(function() {
             }
         },
-        /**
-         * Convert all applicable characters to HTML entities
-         *
-         * @param string str
-         * @return string encoded string
-         */
-        htmlEntities: function(str)
-        {
-            return String(str).replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"');
-        },
-        /**
-         * Text range selection.
-         * From: https://stackoverflow.com/questions/985272/jquery-selecting-text-in-an-element-akin-to-highlighting-with-your-mouse
@@ -301,6 +290,34 @@ $(function() {
                 }
             }
             return '';
+        },
+
+        /**
+         * Convert all applicable characters to HTML entities.
+         * From: https://github.com/janl/mustache.js/blob/master/mustache.js#L60
+         *
+         * @param string str
+         * @return string escaped HTML
+         */
+        htmlEntities: function(str) {
+            return String(str).replace(
+                /[&<>"'`=\/]/g, function(s) {
+                    return helper.entityMap[s];
+                });
+        },
+
+        /**
+         * character to HTML entity lookup table
+         */
+        entityMap: {
+            '&': '&',
+            '<': '<',
+            '>': '>',
+            '"': '"',
+            "'": ''',
+            '/': '/',
+            '`': '`',
+            '=': '='
         }
     };
@@ -635,7 +652,9 @@ $(function() {
                 prettyPrint();
             }
             this.prettyPrint.html(
-                prettyPrintOne(text, null, true)
+                prettyPrintOne(
+                    helper.htmlEntities(text), null, true
+                )
             );
         }
         // fall through, as the rest is the same
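Review bot: The character class `/[&<>"'`=\/]/g` in htmlEntities and the keys of `entityMap` are two copies of the same set that must stay in sync: a character matched by the class but missing from the table makes the replacer callback return undefined, which String.prototype.replace inserts as the literal text "undefined" instead of an escaped character. Because `entityMap` is a public, mutable property of `helper`, a comment on it such as `// keys must match the character class in htmlEntities(); never remove an entry` would make the coupling visible, and wrapping the literal in `Object.freeze(...)` would stop accidental edits at runtime. The table's values render here as the same character as their key, which looks like entity decoding by the page rather than the committed code; the mustache.js source the comment cites maps each key to an HTML entity, so this is worth confirming against the actual file. Separately, `htmlEntities: function(str) {` puts the opening brace on the signature line while the definition removed in the first hunk put it on its own line, so the file's brace style is now mixed.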
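Review bot: The reason for the new `helper.htmlEntities(text)` argument belongs in a comment on that line, because prettyPrintOne() takes its first argument as HTML markup rather than plain text, so handing it the raw paste content let that content be parsed as markup; a later maintainer who "simplifies" the call back to `prettyPrintOne(text, null, true)` would silently reintroduce that. Suggested: `// prettyPrintOne() expects HTML, not text: escape first so paste content is never parsed as markup`. The enclosing function starts and ends outside the hunk, and the last context line says control falls through to shared handling, so it is worth confirming that the code after the fall-through also treats `text` as untrusted rather than relying on this branch alone.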