You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

258 lines
5.9 KiB

  1. // Copyright 2010 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package html
  5. import (
  6. "bytes"
  7. "strings"
  8. "unicode/utf8"
  9. )
  10. // These replacements permit compatibility with old numeric entities that
  11. // assumed Windows-1252 encoding.
  12. // https://html.spec.whatwg.org/multipage/syntax.html#consume-a-character-reference
  13. var replacementTable = [...]rune{
  14. '\u20AC', // First entry is what 0x80 should be replaced with.
  15. '\u0081',
  16. '\u201A',
  17. '\u0192',
  18. '\u201E',
  19. '\u2026',
  20. '\u2020',
  21. '\u2021',
  22. '\u02C6',
  23. '\u2030',
  24. '\u0160',
  25. '\u2039',
  26. '\u0152',
  27. '\u008D',
  28. '\u017D',
  29. '\u008F',
  30. '\u0090',
  31. '\u2018',
  32. '\u2019',
  33. '\u201C',
  34. '\u201D',
  35. '\u2022',
  36. '\u2013',
  37. '\u2014',
  38. '\u02DC',
  39. '\u2122',
  40. '\u0161',
  41. '\u203A',
  42. '\u0153',
  43. '\u009D',
  44. '\u017E',
  45. '\u0178', // Last entry is 0x9F.
  46. // 0x00->'\uFFFD' is handled programmatically.
  47. // 0x0D->'\u000D' is a no-op.
  48. }
  49. // unescapeEntity reads an entity like "<" from b[src:] and writes the
  50. // corresponding "<" to b[dst:], returning the incremented dst and src cursors.
  51. // Precondition: b[src] == '&' && dst <= src.
  52. // attribute should be true if parsing an attribute value.
  53. func unescapeEntity(b []byte, dst, src int, attribute bool) (dst1, src1 int) {
  54. // https://html.spec.whatwg.org/multipage/syntax.html#consume-a-character-reference
  55. // i starts at 1 because we already know that s[0] == '&'.
  56. i, s := 1, b[src:]
  57. if len(s) <= 1 {
  58. b[dst] = b[src]
  59. return dst + 1, src + 1
  60. }
  61. if s[i] == '#' {
  62. if len(s) <= 3 { // We need to have at least "&#.".
  63. b[dst] = b[src]
  64. return dst + 1, src + 1
  65. }
  66. i++
  67. c := s[i]
  68. hex := false
  69. if c == 'x' || c == 'X' {
  70. hex = true
  71. i++
  72. }
  73. x := '\x00'
  74. for i < len(s) {
  75. c = s[i]
  76. i++
  77. if hex {
  78. if '0' <= c && c <= '9' {
  79. x = 16*x + rune(c) - '0'
  80. continue
  81. } else if 'a' <= c && c <= 'f' {
  82. x = 16*x + rune(c) - 'a' + 10
  83. continue
  84. } else if 'A' <= c && c <= 'F' {
  85. x = 16*x + rune(c) - 'A' + 10
  86. continue
  87. }
  88. } else if '0' <= c && c <= '9' {
  89. x = 10*x + rune(c) - '0'
  90. continue
  91. }
  92. if c != ';' {
  93. i--
  94. }
  95. break
  96. }
  97. if i <= 3 { // No characters matched.
  98. b[dst] = b[src]
  99. return dst + 1, src + 1
  100. }
  101. if 0x80 <= x && x <= 0x9F {
  102. // Replace characters from Windows-1252 with UTF-8 equivalents.
  103. x = replacementTable[x-0x80]
  104. } else if x == 0 || (0xD800 <= x && x <= 0xDFFF) || x > 0x10FFFF {
  105. // Replace invalid characters with the replacement character.
  106. x = '\uFFFD'
  107. }
  108. return dst + utf8.EncodeRune(b[dst:], x), src + i
  109. }
  110. // Consume the maximum number of characters possible, with the
  111. // consumed characters matching one of the named references.
  112. for i < len(s) {
  113. c := s[i]
  114. i++
  115. // Lower-cased characters are more common in entities, so we check for them first.
  116. if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' {
  117. continue
  118. }
  119. if c != ';' {
  120. i--
  121. }
  122. break
  123. }
  124. entityName := string(s[1:i])
  125. if entityName == "" {
  126. // No-op.
  127. } else if attribute && entityName[len(entityName)-1] != ';' && len(s) > i && s[i] == '=' {
  128. // No-op.
  129. } else if x := entity[entityName]; x != 0 {
  130. return dst + utf8.EncodeRune(b[dst:], x), src + i
  131. } else if x := entity2[entityName]; x[0] != 0 {
  132. dst1 := dst + utf8.EncodeRune(b[dst:], x[0])
  133. return dst1 + utf8.EncodeRune(b[dst1:], x[1]), src + i
  134. } else if !attribute {
  135. maxLen := len(entityName) - 1
  136. if maxLen > longestEntityWithoutSemicolon {
  137. maxLen = longestEntityWithoutSemicolon
  138. }
  139. for j := maxLen; j > 1; j-- {
  140. if x := entity[entityName[:j]]; x != 0 {
  141. return dst + utf8.EncodeRune(b[dst:], x), src + j + 1
  142. }
  143. }
  144. }
  145. dst1, src1 = dst+i, src+i
  146. copy(b[dst:dst1], b[src:src1])
  147. return dst1, src1
  148. }
  149. // unescape unescapes b's entities in-place, so that "a&lt;b" becomes "a<b".
  150. // attribute should be true if parsing an attribute value.
  151. func unescape(b []byte, attribute bool) []byte {
  152. for i, c := range b {
  153. if c == '&' {
  154. dst, src := unescapeEntity(b, i, i, attribute)
  155. for src < len(b) {
  156. c := b[src]
  157. if c == '&' {
  158. dst, src = unescapeEntity(b, dst, src, attribute)
  159. } else {
  160. b[dst] = c
  161. dst, src = dst+1, src+1
  162. }
  163. }
  164. return b[0:dst]
  165. }
  166. }
  167. return b
  168. }
  169. // lower lower-cases the A-Z bytes in b in-place, so that "aBc" becomes "abc".
  170. func lower(b []byte) []byte {
  171. for i, c := range b {
  172. if 'A' <= c && c <= 'Z' {
  173. b[i] = c + 'a' - 'A'
  174. }
  175. }
  176. return b
  177. }
  178. const escapedChars = "&'<>\"\r"
  179. func escape(w writer, s string) error {
  180. i := strings.IndexAny(s, escapedChars)
  181. for i != -1 {
  182. if _, err := w.WriteString(s[:i]); err != nil {
  183. return err
  184. }
  185. var esc string
  186. switch s[i] {
  187. case '&':
  188. esc = "&amp;"
  189. case '\'':
  190. // "&#39;" is shorter than "&apos;" and apos was not in HTML until HTML5.
  191. esc = "&#39;"
  192. case '<':
  193. esc = "&lt;"
  194. case '>':
  195. esc = "&gt;"
  196. case '"':
  197. // "&#34;" is shorter than "&quot;".
  198. esc = "&#34;"
  199. case '\r':
  200. esc = "&#13;"
  201. default:
  202. panic("unrecognized escape character")
  203. }
  204. s = s[i+1:]
  205. if _, err := w.WriteString(esc); err != nil {
  206. return err
  207. }
  208. i = strings.IndexAny(s, escapedChars)
  209. }
  210. _, err := w.WriteString(s)
  211. return err
  212. }
  213. // EscapeString escapes special characters like "<" to become "&lt;". It
  214. // escapes only five such characters: <, >, &, ' and ".
  215. // UnescapeString(EscapeString(s)) == s always holds, but the converse isn't
  216. // always true.
  217. func EscapeString(s string) string {
  218. if strings.IndexAny(s, escapedChars) == -1 {
  219. return s
  220. }
  221. var buf bytes.Buffer
  222. escape(&buf, s)
  223. return buf.String()
  224. }
  225. // UnescapeString unescapes entities like "&lt;" to become "<". It unescapes a
  226. // larger range of entities than EscapeString escapes. For example, "&aacute;"
  227. // unescapes to "á", as does "&#225;" and "&xE1;".
  228. // UnescapeString(EscapeString(s)) == s always holds, but the converse isn't
  229. // always true.
  230. func UnescapeString(s string) string {
  231. for _, c := range s {
  232. if c == '&' {
  233. return string(unescape([]byte(s), false))
  234. }
  235. }
  236. return s
  237. }