/string-avalon-src/filter.js
JavaScript | 348 lines | 287 code | 9 blank | 52 comment | 34 complexity | 98462b6d13be45706aa7b9505babf0fe MD5 | raw file
- /*********************************************************************
- * 自带过滤器 *
- **********************************************************************/
- var rscripts = /<script[^>]*>([\S\s]*?)<\/script\s*>/gim
- var ron = /\s+(on[^=\s]+)(?:=("[^"]*"|'[^']*'|[^\s>]+))?/g
- var ropen = /<\w+\b(?:(["'])[^"]*?(\1)|[^>])*>/ig
- var rsanitize = {
- a: /\b(href)\=("javascript[^"]*"|'javascript[^']*')/ig,
- img: /\b(src)\=("javascript[^"]*"|'javascript[^']*')/ig,
- form: /\b(action)\=("javascript[^"]*"|'javascript[^']*')/ig
- }
- var rsurrogate = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g
- var rnoalphanumeric = /([^\#-~| |!])/g;
- function numberFormat(number, decimals, point, thousands) {
- //form http://phpjs.org/functions/number_format/
- //number 必需,要格式化的数字
- //decimals 可选,规定多少个小数位。
- //point 可选,规定用作小数点的字符串(默认为 . )。
- //thousands 可选,规定用作千位分隔符的字符串(默认为 , ),如果设置了该参数,那么所有其他参数都是必需的。
- number = (number + '')
- .replace(/[^0-9+\-Ee.]/g, '')
- var n = !isFinite(+number) ? 0 : +number,
- prec = !isFinite(+decimals) ? 3 : Math.abs(decimals),
- sep = thousands || ",",
- dec = point || ".",
- s = '',
- toFixedFix = function(n, prec) {
- var k = Math.pow(10, prec)
- return '' + (Math.round(n * k) / k)
- .toFixed(prec)
- }
- // Fix for IE parseFloat(0.55).toFixed(0) = 0;
- s = (prec ? toFixedFix(n, prec) : '' + Math.round(n))
- .split('.')
- if (s[0].length > 3) {
- s[0] = s[0].replace(/\B(?=(?:\d{3})+(?!\d))/g, sep)
- }
- if ((s[1] || '')
- .length < prec) {
- s[1] = s[1] || ''
- s[1] += new Array(prec - s[1].length + 1)
- .join('0')
- }
- return s.join(dec)
- }
- var filters = avalon.filters = {
- uppercase: function(str) {
- return str.toUpperCase()
- },
- lowercase: function(str) {
- return str.toLowerCase()
- },
- truncate: function(str, length, truncation) {
- //length,新字符串长度,truncation,新字符串的结尾的字段,返回新字符串
- length = length || 30
- truncation = truncation === void(0) ? "..." : truncation
- return str.length > length ? str.slice(0, length - truncation.length) + truncation : String(str)
- },
- $filter: function(val) {
- for (var i = 1, n = arguments.length; i < n; i++) {
- var array = arguments[i]
- var fn = avalon.filters[array.shift()]
- if (typeof fn === "function") {
- var arr = [val].concat(array)
- val = fn.apply(null, arr)
- }
- }
- return val
- },
- camelize: camelize,
- //https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
- // <a href="javasc
ript:alert('XSS')">chrome</a>
- // <a href="data:text/html;base64, PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">chrome</a>
- // <a href="jav ascript:alert('XSS');">IE67chrome</a>
- // <a href="jav	ascript:alert('XSS');">IE67chrome</a>
- // <a href="jav
ascript:alert('XSS');">IE67chrome</a>
- sanitize: function(str) {
- return str.replace(rscripts, "").replace(ropen, function(a, b) {
- var match = a.toLowerCase().match(/<(\w+)\s/)
- if (match) { //处理a标签的href属性,img标签的src属性,form标签的action属性
- var reg = rsanitize[match[1]]
- if (reg) {
- a = a.replace(reg, function(s, name, value) {
- var quote = value.charAt(0)
- return name + "=" + quote + "javascript:void(0)" + quote// jshint ignore:line
- })
- }
- }
- return a.replace(ron, " ").replace(/\s+/g, " ") //移除onXXX事件
- })
- },
- escape: function(str) {
- //将字符串经过 str 转义得到适合在页面中显示的内容, 例如替换 < 为 <
- return String(str).
- replace(/&/g, '&').
- replace(rsurrogate, function(value) {
- var hi = value.charCodeAt(0)
- var low = value.charCodeAt(1)
- return '&#' + (((hi - 0xD800) * 0x400) + (low - 0xDC00) + 0x10000) + ';'
- }).
- replace(rnoalphanumeric, function(value) {
- return '&#' + value.charCodeAt(0) + ';'
- }).
- replace(/</g, '<').
- replace(/>/g, '>')
- },
- currency: function(amount, symbol, fractionSize) {
- return (symbol || "\uFFE5") + numberFormat(amount, isFinite(fractionSize) ? fractionSize : 2)
- },
- number: numberFormat
- }
- /*
- 'yyyy': 4 digit representation of year (e.g. AD 1 => 0001, AD 2010 => 2010)
- 'yy': 2 digit representation of year, padded (00-99). (e.g. AD 2001 => 01, AD 2010 => 10)
- 'y': 1 digit representation of year, e.g. (AD 1 => 1, AD 199 => 199)
- 'MMMM': Month in year (January-December)
- 'MMM': Month in year (Jan-Dec)
- 'MM': Month in year, padded (01-12)
- 'M': Month in year (1-12)
- 'dd': Day in month, padded (01-31)
- 'd': Day in month (1-31)
- 'EEEE': Day in Week,(Sunday-Saturday)
- 'EEE': Day in Week, (Sun-Sat)
- 'HH': Hour in day, padded (00-23)
- 'H': Hour in day (0-23)
- 'hh': Hour in am/pm, padded (01-12)
- 'h': Hour in am/pm, (1-12)
- 'mm': Minute in hour, padded (00-59)
- 'm': Minute in hour (0-59)
- 'ss': Second in minute, padded (00-59)
- 's': Second in minute (0-59)
- 'a': am/pm marker
- 'Z': 4 digit (+sign) representation of the timezone offset (-1200-+1200)
- format string can also be one of the following predefined localizable formats:
-
- 'medium': equivalent to 'MMM d, y h:mm:ss a' for en_US locale (e.g. Sep 3, 2010 12:05:08 pm)
- 'short': equivalent to 'M/d/yy h:mm a' for en_US locale (e.g. 9/3/10 12:05 pm)
- 'fullDate': equivalent to 'EEEE, MMMM d,y' for en_US locale (e.g. Friday, September 3, 2010)
- 'longDate': equivalent to 'MMMM d, y' for en_US locale (e.g. September 3, 2010
- 'mediumDate': equivalent to 'MMM d, y' for en_US locale (e.g. Sep 3, 2010)
- 'shortDate': equivalent to 'M/d/yy' for en_US locale (e.g. 9/3/10)
- 'mediumTime': equivalent to 'h:mm:ss a' for en_US locale (e.g. 12:05:08 pm)
- 'shortTime': equivalent to 'h:mm a' for en_US locale (e.g. 12:05 pm)
- */
- new function() {// jshint ignore:line
- function toInt(str) {
- return parseInt(str, 10) || 0
- }
- function padNumber(num, digits, trim) {
- var neg = ""
- if (num < 0) {
- neg = '-'
- num = -num
- }
- num = "" + num
- while (num.length < digits)
- num = "0" + num
- if (trim)
- num = num.substr(num.length - digits)
- return neg + num
- }
- function dateGetter(name, size, offset, trim) {
- return function(date) {
- var value = date["get" + name]()
- if (offset > 0 || value > -offset)
- value += offset
- if (value === 0 && offset === -12) {
- value = 12
- }
- return padNumber(value, size, trim)
- }
- }
- function dateStrGetter(name, shortForm) {
- return function(date, formats) {
- var value = date["get" + name]()
- var get = (shortForm ? ("SHORT" + name) : name).toUpperCase()
- return formats[get][value]
- }
- }
- function timeZoneGetter(date) {
- var zone = -1 * date.getTimezoneOffset()
- var paddedZone = (zone >= 0) ? "+" : ""
- paddedZone += padNumber(Math[zone > 0 ? "floor" : "ceil"](zone / 60), 2) + padNumber(Math.abs(zone % 60), 2)
- return paddedZone
- }
- //取得上午下午
- function ampmGetter(date, formats) {
- return date.getHours() < 12 ? formats.AMPMS[0] : formats.AMPMS[1]
- }
- var DATE_FORMATS = {
- yyyy: dateGetter("FullYear", 4),
- yy: dateGetter("FullYear", 2, 0, true),
- y: dateGetter("FullYear", 1),
- MMMM: dateStrGetter("Month"),
- MMM: dateStrGetter("Month", true),
- MM: dateGetter("Month", 2, 1),
- M: dateGetter("Month", 1, 1),
- dd: dateGetter("Date", 2),
- d: dateGetter("Date", 1),
- HH: dateGetter("Hours", 2),
- H: dateGetter("Hours", 1),
- hh: dateGetter("Hours", 2, -12),
- h: dateGetter("Hours", 1, -12),
- mm: dateGetter("Minutes", 2),
- m: dateGetter("Minutes", 1),
- ss: dateGetter("Seconds", 2),
- s: dateGetter("Seconds", 1),
- sss: dateGetter("Milliseconds", 3),
- EEEE: dateStrGetter("Day"),
- EEE: dateStrGetter("Day", true),
- a: ampmGetter,
- Z: timeZoneGetter
- }
- var rdateFormat = /((?:[^yMdHhmsaZE']+)|(?:'(?:[^']|'')*')|(?:E+|y+|M+|d+|H+|h+|m+|s+|a|Z))(.*)/
- var raspnetjson = /^\/Date\((\d+)\)\/$/
- filters.date = function(date, format) {
- var locate = filters.date.locate,
- text = "",
- parts = [],
- fn, match
- format = format || "mediumDate"
- format = locate[format] || format
- if (typeof date === "string") {
- if (/^\d+$/.test(date)) {
- date = toInt(date)
- } else if (raspnetjson.test(date)) {
- date = +RegExp.$1
- } else {
- var trimDate = date.trim()
- var dateArray = [0, 0, 0, 0, 0, 0, 0]
- var oDate = new Date(0)
- //取得年月日
- trimDate = trimDate.replace(/^(\d+)\D(\d+)\D(\d+)/, function(_, a, b, c) {
- var array = c.length === 4 ? [c, a, b] : [a, b, c]
- dateArray[0] = toInt(array[0]) //年
- dateArray[1] = toInt(array[1]) - 1 //月
- dateArray[2] = toInt(array[2]) //日
- return ""
- })
- var dateSetter = oDate.setFullYear
- var timeSetter = oDate.setHours
- trimDate = trimDate.replace(/[T\s](\d+):(\d+):?(\d+)?\.?(\d)?/, function(_, a, b, c, d) {
- dateArray[3] = toInt(a) //小时
- dateArray[4] = toInt(b) //分钟
- dateArray[5] = toInt(c) //秒
- if (d) { //毫秒
- dateArray[6] = Math.round(parseFloat("0." + d) * 1000)
- }
- return ""
- })
- var tzHour = 0
- var tzMin = 0
- trimDate = trimDate.replace(/Z|([+-])(\d\d):?(\d\d)/, function(z, symbol, c, d) {
- dateSetter = oDate.setUTCFullYear
- timeSetter = oDate.setUTCHours
- if (symbol) {
- tzHour = toInt(symbol + c)
- tzMin = toInt(symbol + d)
- }
- return ""
- })
- dateArray[3] -= tzHour
- dateArray[4] -= tzMin
- dateSetter.apply(oDate, dateArray.slice(0, 3))
- timeSetter.apply(oDate, dateArray.slice(3))
- date = oDate
- }
- }
- if (typeof date === "number") {
- date = new Date(date)
- }
- if (avalon.type(date) !== "date") {
- return
- }
- while (format) {
- match = rdateFormat.exec(format)
- if (match) {
- parts = parts.concat(match.slice(1))
- format = parts.pop()
- } else {
- parts.push(format)
- format = null
- }
- }
- parts.forEach(function(value) {
- fn = DATE_FORMATS[value]
- text += fn ? fn(date, locate) : value.replace(/(^'|'$)/g, "").replace(/''/g, "'")
- })
- return text
- }
- var locate = {
- AMPMS: {
- 0: "上午",
- 1: "下午"
- },
- DAY: {
- 0: "星期日",
- 1: "星期一",
- 2: "星期二",
- 3: "星期三",
- 4: "星期四",
- 5: "星期五",
- 6: "星期六"
- },
- MONTH: {
- 0: "1月",
- 1: "2月",
- 2: "3月",
- 3: "4月",
- 4: "5月",
- 5: "6月",
- 6: "7月",
- 7: "8月",
- 8: "9月",
- 9: "10月",
- 10: "11月",
- 11: "12月"
- },
- SHORTDAY: {
- "0": "周日",
- "1": "周一",
- "2": "周二",
- "3": "周三",
- "4": "周四",
- "5": "周五",
- "6": "周六"
- },
- fullDate: "y年M月d日EEEE",
- longDate: "y年M月d日",
- medium: "yyyy-M-d H:mm:ss",
- mediumDate: "yyyy-M-d",
- mediumTime: "H:mm:ss",
- "short": "yy-M-d ah:mm",
- shortDate: "yy-M-d",
- shortTime: "ah:mm"
- }
- locate.SHORTMONTH = locate.MONTH
- filters.date.locate = locate
- }// jshint ignore:line