Skip to content

Instantly share code, notes, and snippets.

@tigerhawkvok

tigerhawkvok/StringUnescaper.coffee

Last active March 4, 2016 21:04
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tigerhawkvok/285b8631ed6ebef4446d to your computer and use it in GitHub Desktop.
Save tigerhawkvok/285b8631ed6ebef4446d to your computer and use it in GitHub Desktop.
Download ZIP
Unescape even fairly mutilated escaped string in Javascript
Raw
StringUnescaper.coffee
String::unescape = (strict = false) ->
###
# Take escaped text, and return the unescaped version
#
# @param string str | String to be used
# @param bool strict | Stict mode will remove all HTML
#
# Test it here:
# https://jsfiddle.net/tigerhawkvok/t9pn1dn5/
#
# Code: https://gist.github.com/tigerhawkvok/285b8631ed6ebef4446d
###
# Create a dummy element
element = document.createElement("div")
decodeHTMLEntities = (str) ->
if str? and typeof str is "string"
unless strict is true
# escape HTML tags
str = escape(str).replace(/%26/g,'&').replace(/%23/g,'#').replace(/%3B/g,';')
else
str = str.replace(/<script[^>]*>([\S\s]*?)<\/script>/gmi, '')
str = str.replace(/<\/?\w(?:[^"'>]|"[^"]*"|'[^']*')*>/gmi, '')
element.innerHTML = str
if element.innerText
# Do we support innerText?
str = element.innerText
element.innerText = ""
else
# Firefox
str = element.textContent
element.textContent = ""
unescape(str)
# Remove encoded or double-encoded tags
fixHtmlEncodings = (string) ->
string = string.replace(/\&amp;#/mg, '&#') # The rest, for double-encodings
string = string.replace(/\&quot;/mg, '"')
string = string.replace(/\&quote;/mg, '"')
string = string.replace(/\&#95;/mg, '_')
string = string.replace(/\&#39;/mg, "'")
string = string.replace(/\&#34;/mg, '"')
string = string.replace(/\&#62;/mg, '>')
string = string.replace(/\&#60;/mg, '<')
string
# Run it
tmp = fixHtmlEncodings(this)
decodeHTMLEntities(tmp)
Raw
StringUnescaper.js
String.prototype.unescape = function(strict) {
var decodeHTMLEntities, element, fixHtmlEncodings, tmp;
if (strict == null) {
strict = false;
}
/*
* Take escaped text, and return the unescaped version
*
* @param string str | String to be used
* @param bool strict | Stict mode will remove all HTML
*
* Test it here:
* https://jsfiddle.net/tigerhawkvok/t9pn1dn5/
*
* Code: https://gist.github.com/tigerhawkvok/285b8631ed6ebef4446d
*/
element = document.createElement("div");
decodeHTMLEntities = function(str) {
if ((str != null) && typeof str === "string") {
if (strict !== true) {
str = escape(str).replace(/%26/g, '&').replace(/%23/g, '#').replace(/%3B/g, ';');
} else {
str = str.replace(/<script[^>]*>([\S\s]*?)<\/script>/gmi, '');
str = str.replace(/<\/?\w(?:[^"'>]|"[^"]*"|'[^']*')*>/gmi, '');
}
element.innerHTML = str;
if (element.innerText) {
str = element.innerText;
element.innerText = "";
} else {
str = element.textContent;
element.textContent = "";
}
}
return unescape(str);
};
fixHtmlEncodings = function(string) {
string = string.replace(/\&amp;#/mg, '&#');
string = string.replace(/\&quot;/mg, '"');
string = string.replace(/\&quote;/mg, '"');
string = string.replace(/\&#95;/mg, '_');
string = string.replace(/\&#39;/mg, "'");
string = string.replace(/\&#34;/mg, '"');
string = string.replace(/\&#62;/mg, '>');
string = string.replace(/\&#60;/mg, '<');
return string;
};
tmp = fixHtmlEncodings(this);
return decodeHTMLEntities(tmp);
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment