Remove escaping from `linkText`

We leverage jQuery’s HTML escaping in `$.html(…)`.
7 years ago · 9d41b86162
parent f04c65088b
commit 9d41b86162
4 changed files with 5 additions and 21 deletions
--- a/js/modules/link_text.js
+++ b/js/modules/link_text.js
@ -2,7 +2,6 @@
 // jQuery’s escaping mechanism:

 var linkify = require('linkify-it')()
-var escape = require('escape-html')

 function createLink (url, text, attrs) {
  attrs = attrs || {}
@ -22,7 +21,6 @@ function createLink (url, text, attrs) {

 module.exports = function (text, attrs) {
  attrs = attrs || {}
-  text = escape(text)

  var matchData = linkify.match(text) || []

--- a/package.json
+++ b/package.json
@ -72,7 +72,6 @@
    "fs-extra": "^5.0.0",
    "google-libphonenumber": "^3.0.7",
    "got": "^8.2.0",
-    "link-text": "^0.0.1",
    "linkify-it": "^2.0.3",
    "lodash": "^4.17.4",
    "mkdirp": "^0.5.1",
--- a/ts/test-unit/html/index_test.ts
+++ b/ts/test-unit/html/index_test.ts
@ -20,7 +20,7 @@ describe('HTML', () => {
      {
        name: 'square brackets',
        input: 'https://www.example.com/test.html?foo=bar&baz[qux]=quux',
-        output: 'https://www.example.com/test.html?foo=bar&amp;baz[qux]=quux',
+        output: 'https://www.example.com/test.html?foo=bar&baz[qux]=quux',
      },
      {
        name: 'Chinese characters',
@ -41,7 +41,7 @@ describe('HTML', () => {
      {
        name: 'single quotes',
        input: "https://www.example.com/this-couldn't-be-true",
-        output: "https://www.example.com/this-couldn#39;t-be-true",
+        output: "https://www.example.com/this-couldn't-be-true",
      },
      {
        name: 'special characters before URL begins',
@ -85,9 +85,9 @@ describe('HTML', () => {
      assert.equal(actual, expected);
    });

-    it('should escape HTML', () => {
+    it('should not escape HTML', () => {
      const input: string = "Hello\n<script>alert('evil');</script>World!";
-      const expected: string = 'Hello<br>&lt;script&gt;alert(&#39;evil&#39;);&lt;/script&gt;World!';
+      const expected: string = "Hello<br><script>alert('evil');</script>World!";

      const actual = HTML.render(input);
      assert.equal(actual, expected);
--- a/yarn.lock
+++ b/yarn.lock
@ -2745,7 +2745,7 @@ es6-promisify@^5.0.0:
  dependencies:
    es6-promise "^4.0.3"

-escape-html@^1.0.3, escape-html@~1.0.3:
+escape-html@~1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"

@ -5163,19 +5163,6 @@ lie@*:
  dependencies:
    immediate "~3.0.5"

-link-text@^0.0.1:
-  version "0.0.1"
-  resolved "https://registry.yarnpkg.com/link-text/-/link-text-0.0.1.tgz#d185042f4ec3eda07af7aeb773ab7f7cbd18adc2"
-  dependencies:
-    escape-html "^1.0.3"
-    linkify-it "^1.2.0"
-
-linkify-it@^1.2.0:
-  version "1.2.4"
-  resolved "https://registry.yarnpkg.com/linkify-it/-/linkify-it-1.2.4.tgz#0773526c317c8fd13bd534ee1d180ff88abf881a"
-  dependencies:
-    uc.micro "^1.0.1"
-
 linkify-it@^2.0.3:
  version "2.0.3"
  resolved "https://registry.yarnpkg.com/linkify-it/-/linkify-it-2.0.3.tgz#d94a4648f9b1c179d64fa97291268bdb6ce9434f"