From eaa6b33b8e831aac109ac0229cdd1fa5afa22d02 Mon Sep 17 00:00:00 2001
From: graham-dds
Date: Tue, 7 Jan 2020 15:25:55 -0500
Subject: [PATCH] Add js lib function for escaping HTML
---
js/lib/__tests__/escape.test.js | 21 +++++++++++++++++++++
js/lib/escape.js | 20 ++++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 js/lib/__tests__/escape.test.js
create mode 100644 js/lib/escape.js
diff --git a/js/lib/__tests__/escape.test.js b/js/lib/__tests__/escape.test.js
new file mode 100644
index 00000000..9dc2d5fe
--- /dev/null
+++ b/js/lib/__tests__/escape.test.js
@@ -0,0 +1,21 @@
+import escape from '../escape'
+describe('escape', () => {
+ const htmlEscapes = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+ '/': '/',
+ }
+ it('should escape each character', () => {
+ for (let [char, escapedChar] of Object.entries(htmlEscapes)) {
+ expect(escape(char)).toBe(escapedChar)
+ }
+ })
+ it('should escape multiple characters', () => {
+ expect(escape('& and < and > and " and \' and /')).toBe(
+ '& and < and > and " and ' and /'
+ )
+ })
+})
diff --git a/js/lib/escape.js b/js/lib/escape.js
new file mode 100644
index 00000000..b72103c4
--- /dev/null
+++ b/js/lib/escape.js
@@ -0,0 +1,20 @@
+// https://stackoverflow.com/a/6020820
+
+// List of HTML entities for escaping.
+const htmlEscapes = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+ '/': '/',
+}
+
+const htmlEscaper = /[&<>"'\/]/g
+
+// Escape a string for HTML interpolation.
+const escape = string => {
+ return ('' + string).replace(htmlEscaper, match => htmlEscapes[match])
+}
+
+export default escape
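Review bot: In js/lib/__tests__/escape.test.js the expectations come from a private copy of the `htmlEscapes` table and every input is a string made of special characters, so the `'' + string` coercion in `escape` and its pass-through of ordinary text are never exercised. I would add `expect(escape('plain text')).toBe('plain text')` and `expect(escape(42)).toBe('42')`, plus a case that pins what happens to input that is already escaped, since a second pass re-escapes the leading `&`. The entity values in the table appear to have been decoded by this page's rendering, so the exact expected strings cannot be checked from here.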
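Review bot: The comment `// Escape a string for HTML interpolation.` in js/lib/escape.js does not say which output contexts the function covers, and the six-character set only suits element content and quoted attribute values. I would reword it to `// Escape a string for HTML element content or a quoted attribute value; not sufficient for unquoted attributes, URLs, inline script or CSS.` so callers do not treat it as a general sanitizer. `'' + string` also turns `null` and `undefined` into the literal text `null`/`undefined`; if that is not intended, `string == null ? '' : String(string)` avoids it. The name `escape` shadows the deprecated global of the same name inside this module, so `escapeHtml` would read more clearly.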