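/**
 * Escape a value for safe insertion into HTML, to prevent XSS.
 *
 * The five characters that are significant in HTML text and in quoted
 * attribute values (`&`, `<`, `>`, `"`, `'`) are replaced by their entity
 * references. The listing as published showed each character being replaced
 * by itself (the entity text had been decoded), which made the function a
 * no-op and left the final replacement as an unterminated string literal.
 *
 * Scope: the output is safe only as element text or inside a *quoted*
 * attribute value. It does not make a value safe inside `<script>` or
 * `<style>` content, an unquoted attribute, an event-handler attribute, or a
 * URL attribute such as `href`/`src` (scheme validation is still required
 * there).
 *
 * @param {*} unsafe - Value to escape; coerced with `String()`.
 * @returns {string} The escaped string, or `''` for `null`/`undefined`.
 */
function escapeHtml(unsafe) {
  if (unsafe === undefined || unsafe === null) {
    return '';
  }

  // Single-pass replacement: every character is looked at once, so the
  // ampersands introduced by the entities are never escaped a second time.
  const entities = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    // Numeric reference: `&apos;` is not defined in HTML 4.
    "'": '&#039;',
  };

  return String(unsafe).replace(/[&<>"']/g, (ch) => entities[ch]);
}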
// Public API of this module: the HTML escaping helper.
module.exports = { escapeHtml };