1 parent
af6859a
commit 9f640ff
Showing
4 changed files
with
403 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
import { group } from "mitata"; | ||
import { bench, run } from "mitata"; | ||
|
||
var bunEscapeHTML = Bun.escapeHTML; | ||
|
||
const matchHtmlRegExp = /["'&<>]/; | ||
|
||
/** | ||
* Escapes special characters and HTML entities in a given html string. | ||
* | ||
* @param {string} string HTML string to escape for later insertion | ||
* @return {string} | ||
* @public | ||
*/ | ||
|
||
function reactEscapeHtml(string) { | ||
const str = "" + string; | ||
const match = matchHtmlRegExp.exec(str); | ||
|
||
if (!match) { | ||
return str; | ||
} | ||
|
||
let escape; | ||
let html = ""; | ||
let index; | ||
let lastIndex = 0; | ||
|
||
for (index = match.index; index < str.length; index++) { | ||
switch (str.charCodeAt(index)) { | ||
case 34: // " | ||
escape = """; | ||
break; | ||
case 38: // & | ||
escape = "&"; | ||
break; | ||
case 39: // ' | ||
escape = "'"; // modified from escape-html; used to be ''' | ||
break; | ||
case 60: // < | ||
escape = "<"; | ||
break; | ||
case 62: // > | ||
escape = ">"; | ||
break; | ||
default: | ||
continue; | ||
} | ||
|
||
if (lastIndex !== index) { | ||
html += str.substring(lastIndex, index); | ||
} | ||
|
||
lastIndex = index + 1; | ||
html += escape; | ||
} | ||
|
||
return lastIndex !== index ? html + str.substring(lastIndex, index) : html; | ||
} | ||
|
||
const long = ("lalala" + "<script>alert(1)</script>" + "lalala").repeat(9000); | ||
const short = "lalala" + "<script>alert(1)</script>" + "lalala"; | ||
const middle = | ||
"lalala".repeat(2000) + "<script>alert(1)</script>" + "lalala".repeat(2000); | ||
const nothing = "lalala".repeat(9999); | ||
group(`long (${long.length})`, () => { | ||
bench("react's escapeHTML", () => reactEscapeHtml(long)); | ||
bench("bun's escapeHTML", () => bunEscapeHTML(long)); | ||
}); | ||
|
||
group(`short (${short.length})`, () => { | ||
bench("react's escapeHTML", () => reactEscapeHtml(short)); | ||
bench("bun's escapeHTML", () => bunEscapeHTML(short)); | ||
}); | ||
|
||
group(`middle (${middle.length})`, () => { | ||
bench("react's escapeHTML", () => reactEscapeHtml(middle)); | ||
bench("bun's escapeHTML", () => bunEscapeHTML(middle)); | ||
}); | ||
|
||
group(`nothing (${nothing.length})`, () => { | ||
bench("react's escapeHTML", () => reactEscapeHtml(nothing)); | ||
bench("bun's escapeHTML", () => bunEscapeHTML(nothing)); | ||
}); | ||
|
||
await run(); |
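Review bot: Nothing in this benchmark checks that `bunEscapeHTML` and `reactEscapeHtml` return the same string for `long`, `short`, `middle` and `nothing` before they are timed, so a fast path that skips or mis-encodes a character would show up as a speed-up rather than a failure. An escaper that misses a character is an injection risk for anyone who adopts it on the strength of these numbers. A guard ahead of `await run();` would catch that, for example `for (const s of [long, short, middle, nothing]) if (bunEscapeHTML(s) !== reactEscapeHtml(s)) throw new Error("escapeHTML output mismatch");`, assuming both are meant to emit the same entities (the entity literals are not legible in this rendering). As a style point, the two `mitata` imports at the top can be merged into `import { bench, group, run } from "mitata";`.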
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
import { describe, it, expect } from "bun:test"; | ||
import { gcTick } from "./gc"; | ||
|
||
describe("Bun.escapeHTML", () => { | ||
it("works", () => { | ||
expect(Bun.escapeHTML("<script>alert(1)</script>")).toBe( | ||
"<script>alert(1)</script>" | ||
); | ||
expect(Bun.escapeHTML("<")).toBe("<"); | ||
expect(Bun.escapeHTML(">")).toBe(">"); | ||
expect(Bun.escapeHTML("&")).toBe("&"); | ||
expect(Bun.escapeHTML("'")).toBe("'"); | ||
expect(Bun.escapeHTML('"')).toBe("""); | ||
expect(Bun.escapeHTML("\n")).toBe("\n"); | ||
expect(Bun.escapeHTML("\r")).toBe("\r"); | ||
expect(Bun.escapeHTML("\t")).toBe("\t"); | ||
expect(Bun.escapeHTML("\f")).toBe("\f"); | ||
expect(Bun.escapeHTML("\v")).toBe("\v"); | ||
expect(Bun.escapeHTML("\b")).toBe("\b"); | ||
expect(Bun.escapeHTML("\u00A0")).toBe("\u00A0"); | ||
|
||
// The matrix of cases we need to test for: | ||
// 1. Works with short strings | ||
// 2. Works with long strings | ||
// 3. Works with latin1 strings | ||
// 4. Works with utf16 strings | ||
// 5. Works when the text to escape is somewhere in the middle | ||
// 6. Works when the text to escape is in the beginning | ||
// 7. Works when the text to escape is in the end | ||
// 8. Returns the same string when there's no need to escape | ||
expect( | ||
Bun.escapeHTML("lalala" + "<script>alert(1)</script>" + "lalala") | ||
).toBe("lalala<script>alert(1)</script>lalala"); | ||
|
||
expect(Bun.escapeHTML("<script>alert(1)</script>" + "lalala")).toBe( | ||
"<script>alert(1)</script>lalala" | ||
); | ||
expect(Bun.escapeHTML("lalala" + "<script>alert(1)</script>")).toBe( | ||
"lalala" + "<script>alert(1)</script>" | ||
); | ||
|
||
expect( | ||
Bun.escapeHTML( | ||
("lalala" + "<script>alert(1)</script>" + "lalala").repeat(900) | ||
) | ||
).toBe("lalala<script>alert(1)</script>lalala".repeat(900)); | ||
expect( | ||
Bun.escapeHTML(("<script>alert(1)</script>" + "lalala").repeat(900)) | ||
).toBe("<script>alert(1)</script>lalala".repeat(900)); | ||
expect( | ||
Bun.escapeHTML(("lalala" + "<script>alert(1)</script>").repeat(900)) | ||
).toBe(("lalala" + "<script>alert(1)</script>").repeat(900)); | ||
}); | ||
}); |
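Review bot: The matrix comment in the `works` test lists "Works with utf16 strings", but every input in the visible assertions is ASCII or Latin-1 (`\u00A0` is still Latin-1), so a separate 16-bit code path, if the implementation has one, is never exercised. A missed escape on that path would let markup through unescaped, and this test could not catch it. Add cases with a non-Latin-1 character before, between and after the escapable characters, for example `expect(Bun.escapeHTML("\u{1F600}<b>")).toBe("\u{1F600}&lt;b&gt;");`, plus a long variant in the style of the `.repeat(900)` assertions. `gcTick` is imported from `./gc` but not used anywhere in this file section.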