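'use strict';

const string = require('./string');

/**
 * Replacement table used by `escapeHtml`: every character matched by the
 * helper's pattern maps to its HTML entity. The table in the original
 * listing held the already-decoded characters (and an unterminated
 * `'''` literal), so the helper escaped nothing and the file did not
 * parse; the entities are restored here.
 */
const HTML_ESCAPES = Object.freeze({
  '"': '&quot;',
  '&': '&amp;',
  '/': '&#x2F;',
  '<': '&lt;',
  '>': '&gt;',
  '\'': '&#39;'
});

/**
 * Escape HTML characters in a string.
 *
 * ```js
 * <%= escapeHtml("<span>foo</span>") %>
 * //=> &lt;span&gt;foo&lt;&#x2F;span&gt;
 * ```
 *
 * The six characters `/ " ' & < >` are replaced, which covers HTML text
 * nodes and quoted attribute values. It is not an encoder for script,
 * URL or CSS contexts; those need their own context-specific encoding.
 *
 * @param {String} `str` String of HTML with characters to escape.
 * @return {String} The escaped string, or `''` when `str` is not a string.
 * @api public
 */

exports.escapeHtml = str => {
  if (!string.isString(str)) return '';
  // Every character the pattern can match has an entry in HTML_ESCAPES,
  // so the lookup never yields `undefined`.
  return str.replace(/[/"'&<>]/g, ch => HTML_ESCAPES[ch]);
};

/**
 * Strip HTML tags from a string, so that only the text nodes
 * are preserved.
 *
 * ```js
 * <%= sanitize("<span>foo</span>") %>
 * //=> 'foo'
 * ```
 *
 * This is plain pattern-based tag removal, not an HTML parser or a
 * security sanitizer: only complete `<...>` sequences are removed, so a
 * `<` with no closing `>` stays in the output, as do entities and
 * everything between the tags. Run the result through `escapeHtml` (or
 * a real HTML sanitizer) before placing it in markup.
 *
 * @param {String} `str` The string of HTML to sanitize.
 * @return {String} The trimmed text with tags removed, or `''` when `str` is not a string.
 * @api public
 */

exports.sanitize = str => {
  if (!string.isString(str)) return '';
  return str.replace(/(<([^>]+)>)/g, '').trim();
};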