@@ -14,6 +14,21 @@ export function getProviderOptionsQuery(query) {
1414 return providerOptionsQuery ;
1515}
1616
17+ const HTML_ESCAPE_MAP = {
18+ '&' : '&' ,
19+ '<' : '<' ,
20+ '>' : '>' ,
21+ '"' : '"' ,
22+ "'" : '''
23+ } ;
24+
25+ function escapeHTML ( value ) {
26+ if ( typeof value !== "string" ) {
27+ return value ;
28+ }
29+ return value . replace ( / [ & < > " ' ] / g, char => HTML_ESCAPE_MAP [ char ] ) ;
30+ }
31+
1732function normalizeValue ( value ) {
1833 if ( value === 'true' ) {
1934 return true ;
@@ -27,7 +42,12 @@ function normalizeValue(value) {
2742 if ( / ^ ( \d + ) ? \. \d + $ / . test ( value ) ) {
2843 return parseFloat ( value ) ;
2944 }
30- return value ;
45+ if ( typeof value === 'string' ) {
46+ // Escape string value in case it will be used in html.
47+ return escapeHTML ( value ) ;
48+ }
49+ // Return nothing if unknown type or array.
50+ return ;
3151}
3252
3353export function getProviderOptionsFromQuery ( query ) {
@@ -45,7 +65,9 @@ export function getProviderOptionsFromQuery(query) {
4565 for ( var key in query ) {
4666 if ( key . length > 1 && _RE . test ( key ) ) {
4767 var value = normalizeValue ( query [ key ] ) ;
48- providerOptions [ key ] = value ;
68+ if ( typeof value !== 'undefined' ) {
69+ providerOptions [ key ] = value ;
70+ }
4971 }
5072 }
5173
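Review bot: The escaping added in `normalizeValue` (new lines 45-48) runs at parse time, before the output context is known, so it only protects sinks that place the value in HTML element content or a quoted attribute. A value later written into an unquoted attribute, a URL or inline script still needs context-specific encoding, and a sink that already escapes will double-encode it. Prefer encoding where the value is rendered, or at least state the contract above the function, e.g. `// Returns HTML-entity-encoded strings: safe only for element content and quoted attributes; do not re-escape.` The keys copied in `getProviderOptionsFromQuery` are not escaped and depend entirely on `_RE`, which is defined outside the visible hunks, so confirm that the pattern rejects markup characters and names such as `__proto__`. Both function bodies extend beyond the visible hunks.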