module.exports = function htmlspecialchars(string, quoteStyle, charset, doubleEncode) {
// discuss at: https://locutus.io/php/htmlspecialchars/
// original by: Mirek Slugen
// improved by: Kevin van Zonneveld (https://kvz.io)
// bugfixed by: Nathan
// bugfixed by: Arno
// bugfixed by: Brett Zamir (https://brett-zamir.me)
// bugfixed by: Brett Zamir (https://brett-zamir.me)
// revised by: Kevin van Zonneveld (https://kvz.io)
// input by: Ratheous
// input by: Mailfaker (https://www.weedem.fr/)
// input by: felix
// reimplemented by: Brett Zamir (https://brett-zamir.me)
// note 1: charset argument not supported
// example 1: htmlspecialchars("Test", 'ENT_QUOTES')
// returns 1: '<a href='test'>Test</a>'
// example 2: htmlspecialchars("ab\"c'd", ['ENT_NOQUOTES', 'ENT_QUOTES'])
// returns 2: 'ab"c'd'
// example 3: htmlspecialchars('my "&entity;" is still here', null, null, false)
// returns 3: 'my "&entity;" is still here'
let optTemp = 0
let i = 0
let noquotes = false
if (typeof quoteStyle === 'undefined' || quoteStyle === null) {
quoteStyle = 2
}
string = string || ''
string = string.toString()
if (doubleEncode !== false) {
// Put this first to avoid double-encoding
string = string.replace(/&/g, '&')
}
string = string.replace(//g, '>')
const OPTS = {
ENT_NOQUOTES: 0,
ENT_HTML_QUOTE_SINGLE: 1,
ENT_HTML_QUOTE_DOUBLE: 2,
ENT_COMPAT: 2,
ENT_QUOTES: 3,
ENT_IGNORE: 4,
}
if (quoteStyle === 0) {
noquotes = true
}
if (typeof quoteStyle !== 'number') {
// Allow for a single string or an array of string flags
quoteStyle = [].concat(quoteStyle)
for (i = 0; i < quoteStyle.length; i++) {
// Resolve string input to bitwise e.g. 'ENT_IGNORE' becomes 4
if (OPTS[quoteStyle[i]] === 0) {
noquotes = true
} else if (OPTS[quoteStyle[i]]) {
optTemp = optTemp | OPTS[quoteStyle[i]]
}
}
quoteStyle = optTemp
}
if (quoteStyle & OPTS.ENT_HTML_QUOTE_SINGLE) {
string = string.replace(/'/g, ''')
}
if (!noquotes) {
string = string.replace(/"/g, '"')
}
return string
}