trusted-html.js
import { escapeHTML } from './html.js';
// True when the runtime exposes the Trusted Types API (`globalThis.trustedTypes`).
const SUPPORTS_TRUSTED_TYPES = 'trustedTypes' in globalThis;

// Name the policy is registered under. When a `trusted-types` CSP directive is
// enforced, this exact name has to be allow-listed there.
const POLICY_NAME = 'aegis-escape#html';

// Module-private brand used only by the fallback path. It is created with
// Symbol() rather than Symbol.for(), so it is not reachable through the global
// symbol registry, and parsed data (e.g. JSON) can never carry a symbol key.
const TRUSTED_SYMBOL = Symbol(POLICY_NAME);

/**
 * Reports whether `input` is already-trusted HTML that must not be escaped again.
 *
 * With Trusted Types this defers to `trustedTypes.isHTML`, which accepts a
 * TrustedHTML value produced by ANY policy on the page, not just this one.
 * Without Trusted Types it accepts only non-null objects that carry the
 * module-private brand as an own property.
 */
const isTrustedHTML = SUPPORTS_TRUSTED_TYPES
  ? (input) => {
    return globalThis.trustedTypes.isHTML(input);
  }
  : (input) => {
    return typeof input === 'object'
      && input !== null
      && Object.hasOwn(input, TRUSTED_SYMBOL);
  };

/**
 * Policy that wraps an already-sanitised string as trusted HTML.
 *
 * `createHTML` is an identity function: it performs no escaping itself, so every
 * caller is responsible for escaping before handing a string to it. The policy
 * is intentionally not exported.
 *
 * NOTE: `trustedTypes.createPolicy` throws while this module is being evaluated
 * if the page's CSP does not permit POLICY_NAME (or forbids creating a policy
 * of that name a second time).
 */
const policy = SUPPORTS_TRUSTED_TYPES
  ? globalThis.trustedTypes.createPolicy(POLICY_NAME, {
    createHTML(input) {
      return input;
    },
  })
  : Object.freeze({
    name: POLICY_NAME,
    createHTML(input) {
      // Minimal stand-in for TrustedHTML: stringifies to the wrapped markup and
      // carries a hidden, immutable brand that isTrustedHTML looks for.
      const wrapper = { toString: () => input };
      const brand = {
        value: true,
        enumerable: false,
        writable: false,
        configurable: false,
      };

      return Object.freeze(Object.defineProperty(wrapper, TRUSTED_SYMBOL, brand));
    },
  });
/**
 * Builds trusted HTML, escaping every interpolated value that is not already
 * trusted. Intended for use as a template tag: html`<p>${userInput}</p>`.
 *
 * Security notes for callers:
 * - The static parts of the template are emitted verbatim via `String.raw`
 *   (i.e. from `strings.raw`); only the interpolated values are escaped.
 *   An array that has an array-valued `raw` property is treated as a template,
 *   so never pass untrusted data as the first argument in that form.
 * - Values recognised by `isTrustedHTML` are inserted without escaping.
 * - Array values are handled one level deep; each element is kept or escaped
 *   individually and the results are concatenated.
 * - When called as a plain function with a single non-array argument, the
 *   argument is always escaped, even if it is already trusted HTML.
 * - NOTE(review): `escapeHTML` is imported from './html.js' and not visible
 *   here; entity escaping normally protects text and quoted-attribute
 *   positions only, not script/style bodies, URL attributes or unquoted
 *   attributes — confirm before interpolating into those contexts.
 *
 * @param {TemplateStringsArray|Array|*} strings Template strings, a list of values, or one value.
 * @param {...*} values Interpolated values (template-tag usage only).
 * @returns {*} The result of `policy.createHTML` for the assembled markup.
 */
export function html(strings, ...values) {
  const calledAsTemplateTag = Array.isArray(strings) && Array.isArray(strings.raw);

  if (calledAsTemplateTag) {
    const safeValues = values.map((val) => {
      if (Array.isArray(val)) {
        return val.flatMap((item) => (isTrustedHTML(item) ? item : escapeHTML(item))).join('');
      }

      return isTrustedHTML(val) ? val : escapeHTML(val);
    });

    return policy.createHTML(String.raw(strings, ...safeValues));
  }

  if (Array.isArray(strings)) {
    // Plain array: treat every element as a value, not as template text.
    const pieces = strings.map((piece) => (isTrustedHTML(piece) ? piece : escapeHTML(piece)));

    return policy.createHTML(pieces.join(''));
  }

  return policy.createHTML(escapeHTML(strings));
}