dist/ember.prod.js in ember-source-1.0.0.rc5 vs dist/ember.prod.js in ember-source-1.0.0.rc5.1
- old
+ new
@@ -13945,10 +13945,49 @@
toDOM: function() {
return this.list.join(" ");
}
};
+var BAD_TAG_NAME_TEST_REGEXP = /[^a-zA-Z\-]/;
+var BAD_TAG_NAME_REPLACE_REGEXP = /[^a-zA-Z\-]/g;
+
+function stripTagName(tagName) {
+ if (!tagName) {
+ return tagName;
+ }
+
+ if (!BAD_TAG_NAME_TEST_REGEXP.test(tagName)) {
+ return tagName;
+ }
+
+ return tagName.replace(BAD_TAG_NAME_REPLACE_REGEXP, '');
+}
+
+var BAD_CHARS_REGEXP = /&(?!\w+;)|[<>"'`]/g;
+var POSSIBLE_CHARS_REGEXP = /[&<>"'`]/;
+
+function escapeAttribute(value) {
+ // Stolen shamelessly from Handlebars
+
+ var escape = {
+ "<": "<",
+ ">": ">",
+ '"': """,
+ "'": "'",
+ "`": "`"
+ };
+
+ var escapeChar = function(chr) {
+ return escape[chr] || "&";
+ };
+
+ var string = value.toString();
+
+ if(!POSSIBLE_CHARS_REGEXP.test(string)) { return string; }
+ return string.replace(BAD_CHARS_REGEXP, escapeChar);
+}
+
/**
`Ember.RenderBuffer` gathers information regarding the a view and generates the
final representation. `Ember.RenderBuffer` will generate HTML which can be pushed
to the DOM.
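Review bot: The two tag-name patterns at the top of this hunk treat digits as bad characters, so `stripTagName('h1')` returns `h` and a view whose `tagName` is `h1` to `h6` would render as a different element. Allowing digits keeps the hardening while preserving those names: `var BAD_TAG_NAME_TEST_REGEXP = /[^a-zA-Z0-9\-]/;` and `var BAD_TAG_NAME_REPLACE_REGEXP = /[^a-zA-Z0-9\-]/g;`. Separately, the entity map in `escapeAttribute` appears on this page with each character mapping to itself, which looks like the page having decoded the entities. The shipped file should be checked to confirm the values are `&lt;`, `&gt;`, `&quot;` and so on, with `&amp;` as the fallback.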
@@ -14232,27 +14271,27 @@
attrs = this.elementAttributes,
props = this.elementProperties,
style = this.elementStyle,
attr, prop;
- buffer += '<' + tagName;
+ buffer += '<' + stripTagName(tagName);
if (id) {
- buffer += ' id="' + this._escapeAttribute(id) + '"';
+ buffer += ' id="' + escapeAttribute(id) + '"';
this.elementId = null;
}
if (classes) {
- buffer += ' class="' + this._escapeAttribute(classes.join(' ')) + '"';
+ buffer += ' class="' + escapeAttribute(classes.join(' ')) + '"';
this.classes = null;
}
if (style) {
buffer += ' style="';
for (prop in style) {
if (style.hasOwnProperty(prop)) {
- buffer += prop + ':' + this._escapeAttribute(style[prop]) + ';';
+ buffer += prop + ':' + escapeAttribute(style[prop]) + ';';
}
}
buffer += '"';
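Review bot: Attribute and style property names are still concatenated raw: the change escapes values and the tag name, but `prop` in the `style` loop here, `attr` in the `elementAttributes` loop (next hunk) and `prop` in the `elementProperties` loop (the hunk after that) go into the buffer unchecked. If any of those keys can be derived from untrusted data, a name containing whitespace, `=`, `>` or a quote would leave the attribute context regardless of the value escaping. A name check in the same spirit as `stripTagName` would cover it, for example `if (/[^a-zA-Z0-9_:\-]/.test(attr)) { continue; }` before each concatenation. `escapeAttribute` is also HTML escaping only, so inside `style="..."` a value containing `;` can still append further declarations. The enclosing function starts before this hunk and continues past it.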
@@ -14260,11 +14299,11 @@
}
if (attrs) {
for (attr in attrs) {
if (attrs.hasOwnProperty(attr)) {
- buffer += ' ' + attr + '="' + this._escapeAttribute(attrs[attr]) + '"';
+ buffer += ' ' + attr + '="' + escapeAttribute(attrs[attr]) + '"';
}
}
this.elementAttributes = null;
}
@@ -14275,11 +14314,11 @@
var value = props[prop];
if (value || typeof(value) === 'number') {
if (value === true) {
buffer += ' ' + prop + '="' + prop + '"';
} else {
- buffer += ' ' + prop + '="' + this._escapeAttribute(props[prop]) + '"';
+ buffer += ' ' + prop + '="' + escapeAttribute(props[prop]) + '"';
}
}
}
}
@@ -14290,11 +14329,11 @@
this.buffer = buffer;
},
pushClosingTag: function() {
var tagName = this.tagNames.pop();
- if (tagName) { this.buffer += '</' + tagName + '>'; }
+ if (tagName) { this.buffer += '</' + stripTagName(tagName) + '>'; }
},
currentTagName: function() {
return this.tagNames[this.tagNames.length-1];
},
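Review bot: The guard in `pushClosingTag` tests the raw `tagName`, but `stripTagName` can return an empty string for a non-empty input (a name made only of rejected characters), in which case this line emits `</>`. Testing the stripped value avoids that: `var name = stripTagName(tagName);` followed by `if (name) { this.buffer += '</' + name + '>'; }`. The opening-tag line `buffer += '<' + stripTagName(tagName);` in the second hunk has the same empty-name case, and both sides should make the same decision so the generated markup stays balanced.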
@@ -14388,35 +14427,10 @@
}
},
innerString: function() {
return this.buffer;
- },
-
- _escapeAttribute: function(value) {
- // Stolen shamelessly from Handlebars
-
- var escape = {
- "<": "<",
- ">": ">",
- '"': """,
- "'": "'",
- "`": "`"
- };
-
- var badChars = /&(?!\w+;)|[<>"'`]/g;
- var possible = /[&<>"'`]/;
-
- var escapeChar = function(chr) {
- return escape[chr] || "&";
- };
-
- var string = value.toString();
-
- if(!possible.test(string)) { return string; }
- return string.replace(badChars, escapeChar);
}
-
};
})();