Escape HTML for more data (#573)

Guillaume Chau · web-flow · commit c3c183fbdf6a · 2018-01-26T14:50:36.000+01:00
* More html examples

* Escape function name

* Escape native objects display
diff --git a/shells/dev/target/NativeTypes.vue b/shells/dev/target/NativeTypes.vue
@@ -77,7 +77,9 @@ export default {
       largeArray: [],
       i: new Set([1, 2, 3, 4, new Set([5, 6, 7, 8]), new Map([[1, 2], [3, 4], [5, new Map([[6, 7]])]])]),
       j: new Map([[1, 2], [3, 4], [5, new Map([[6, 7]])], [8, new Set([1, 2, 3, 4, new Set([5, 6, 7, 8]), new Map([[1, 2], [3, 4], [5, new Map([[6, 7]])]])])]]),
-      html: '<b>Bold</b> <i>Italic</i>'
+      html: '<b>Bold</b> <i>Italic</i>',
+      htmlReg: /<b>hey<\/b>/i,
+      'html <b>key</b>': (h, t, m, l) => {}
     }
   },
   computed: {
diff --git a/src/devtools/components/DataField.vue b/src/devtools/components/DataField.vue
@@ -280,11 +280,11 @@ export default {
       } else if (this.valueType === 'plain-object') {
         return 'Object' + (Object.keys(value).length ? '' : ' (empty)')
       } else if (this.valueType.includes('native')) {
-        return specialTypeRE.exec(value)[2]
+        return escape(specialTypeRE.exec(value)[2])
       } else if (typeof value === 'string') {
         var typeMatch = value.match(rawTypeRE)
         if (typeMatch) {
-          return typeMatch[1]
+          return escape(typeMatch[1])
         } else {
           return `<span>"</span>${escape(value)}<span>"</span>`
         }
diff --git a/src/util.js b/src/util.js
@@ -236,7 +236,7 @@ export function getCustomFunctionDetails (func) {
   return {
     _custom: {
       type: 'function',
-      display: `<span>ƒ</span> ${func.name}${args}`
+      display: `<span>ƒ</span> ${escape(func.name)}${args}`
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -236,7 +236,7 @@ export function getCustomFunctionDetails (func) {`
`236`	`236`	`return {`
`237`	`237`	`_custom: {`
`238`	`238`	`type: 'function',`
`239`		- display: `<span>ƒ</span> ${func.name}${args}`
	`239`	+ display: `<span>ƒ</span> ${escape(func.name)}${args}`
`240`	`240`	`}`
`241`	`241`	`}`
`242`	`242`	`}`