Monday, 7 October 2019

javascript - Fastest method to escape HTML tags as HTML entities?




I'm writing a Chrome extension that involves doing a lot of the following job: sanitizing strings that might contain HTML tags, by converting <, > and & to <, > and &, respectively.



(In other words, the same as PHP's htmlspecialchars(str, ENT_NOQUOTES) – I don't think there's any real need to convert double-quote characters.)



This is the fastest function I have found so far:



function safe_tags(str) {
    return str.replace(/&/g,'&').replace(//g,'>') ;
}



But there's still a big lag when I have to run a few thousand strings through it in one go.



Can anyone improve on this? It's mostly for strings between 10 and 150 characters, if that makes a difference.



(One idea I had was not to bother encoding the greater-than sign – would there be any real danger with that?)


Answer



You could try passing a callback function to perform the replacement:




var tagsToReplace = {
    '&': '&',
    '<': '<',
    '>': '>'
};

function replaceTag(tag) {
    return tagsToReplace[tag] || tag;
}


function safe_tags_replace(str) {
    return str.replace(/[&<>]/g, replaceTag);
}


Here is a performance test: http://jsperf.com/encode-html-entities to compare with calling the replace function repeatedly, and using the DOM method proposed by Dmitrij.



Your way seems to be faster...



Why do you need it, though?



-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print ...