module.exports = function htmlspecialchars_decode(string, quoteStyle) { // discuss at: https://locutus.io/php/htmlspecialchars_decode/ // original by: Mirek Slugen // improved by: Kevin van Zonneveld (https://kvz.io) // bugfixed by: Mateusz "loonquawl" Zalega // bugfixed by: Onno Marsman (https://twitter.com/onnomarsman) // bugfixed by: Brett Zamir (https://brett-zamir.me) // bugfixed by: Brett Zamir (https://brett-zamir.me) // input by: ReverseSyntax // input by: Slawomir Kaniecki // input by: Scott Cariss // input by: Francois // input by: Ratheous // input by: Mailfaker (https://www.weedem.fr/) // revised by: Kevin van Zonneveld (https://kvz.io) // reimplemented by: Brett Zamir (https://brett-zamir.me) // example 1: htmlspecialchars_decode("

this -> "

", 'ENT_NOQUOTES') // returns 1: '

this -> "

' // example 2: htmlspecialchars_decode(""") // returns 2: '"' let optTemp = 0 let i = 0 let noquotes = false if (typeof quoteStyle === 'undefined') { quoteStyle = 2 } string = string.toString().replace(/</g, '<').replace(/>/g, '>') const OPTS = { ENT_NOQUOTES: 0, ENT_HTML_QUOTE_SINGLE: 1, ENT_HTML_QUOTE_DOUBLE: 2, ENT_COMPAT: 2, ENT_QUOTES: 3, ENT_IGNORE: 4, } if (quoteStyle === 0) { noquotes = true } if (typeof quoteStyle !== 'number') { // Allow for a single string or an array of string flags quoteStyle = [].concat(quoteStyle) for (i = 0; i < quoteStyle.length; i++) { // Resolve string input to bitwise e.g. 'PATHINFO_EXTENSION' becomes 4 if (OPTS[quoteStyle[i]] === 0) { noquotes = true } else if (OPTS[quoteStyle[i]]) { optTemp = optTemp | OPTS[quoteStyle[i]] } } quoteStyle = optTemp } if (quoteStyle & OPTS.ENT_HTML_QUOTE_SINGLE) { // PHP doesn't currently escape if more than one 0, but it should: string = string.replace(/�*39;/g, "'") // This would also be useful here, but not a part of PHP: // string = string.replace(/'|�*27;/g, "'"); } if (!noquotes) { string = string.replace(/"/g, '"') } // Put this in last place to avoid escape being double-decoded string = string.replace(/&/g, '&') return string }