Merge b7970f6386 into b7afe6b236

vlib/encoding/html/escape.v

@@ -13,7 +13,7 @@ pub struct EscapeConfig {
 pub fn escape(input string, config EscapeConfig) string {
 	tag_free_input := input.replace_each(['&', '&amp;', '<', '&lt;', '>', '&gt;'])
 	return if config.quote {
-		tag_free_input.replace_each(['"', '&quot;', "'", '&#x27;'])
+		tag_free_input.replace_each(['"', '&#34;', "'", '&#39;'])
 	} else {
 		tag_free_input
 	}

vlib/encoding/html/escape_test.v

@@ -5,15 +5,15 @@ fn test_escape_html() {
 	assert html.escape('No change') == 'No change'
 	assert html.escape('<b>Bold text</b>') == '&lt;b&gt;Bold text&lt;/b&gt;'
 	assert html.escape('<img />') == '&lt;img /&gt;'
-	assert html.escape("' onmouseover='alert(1)'") == '&#x27; onmouseover=&#x27;alert(1)&#x27;'
-	assert html.escape("<a href='http://www.example.com'>link</a>") == '&lt;a href=&#x27;http://www.example.com&#x27;&gt;link&lt;/a&gt;'
-	assert html.escape("<script>alert('hello');</script>") == '&lt;script&gt;alert(&#x27;hello&#x27;);&lt;/script&gt;'
+	assert html.escape("' onmouseover='alert(1)'") == '&#39; onmouseover=&#39;alert(1)&#39;'
+	assert html.escape("<a href='http://www.example.com'>link</a>") == '&lt;a href=&#39;http://www.example.com&#39;&gt;link&lt;/a&gt;'
+	assert html.escape("<script>alert('hello');</script>") == '&lt;script&gt;alert(&#39;hello&#39;);&lt;/script&gt;'
 	// Cases obtained from:
 	// https://github.com/apache/commons-lang/blob/master/src/test/java/org/apache/commons/lang3/StringEscapeUtilsTest.java
 	assert html.escape('plain text') == 'plain text'
 	assert html.escape('') == ''
 	assert html.escape('bread & butter') == 'bread &amp; butter'
-	assert html.escape('"bread" & butter') == '&quot;bread&quot; &amp; butter'
+	assert html.escape('"bread" & butter') == '&#34;bread&#34; &amp; butter'
 	assert html.escape('greater than >') == 'greater than &gt;'
 	assert html.escape('< less than') == '&lt; less than'
 	// Leave accents as-is

vlib/encoding/html/unescape.v

@@ -0,0 +1,22 @@
+module html
+
+/*
+unescape() automatically convert HTML Encoded text to its original text
+and it doesn't matter the HTML Encoded be in which type (symbolic, decimal, hex)
+all the types are supported
+Usage:
+```
+import html
+fn main() {
+	text := "Hello, 'World'"
+	decode := html.unescape(text)
+	println(decode)
+}
+```
+*/
+pub fn unescape(input string) string {
+	mut escape_to_text := ['&amp;', '&', '&lt;', '<', '&gt;', '>', '&apos;', "'", '&quot;', '"',
+		'&#38;', '&', '&#60;', '<', '&#62;', '>', '&#39;', "'", '&#34;', '"', '&#x26;', '&', '&#x3C;',
+		'<', '&#x3E;', '>', '&#x27;', "'", '&#x22;', '"']
+	return input.replace_each(escape_to_text)
+}

vlib/encoding/html/unescape_test.v

@@ -0,0 +1,22 @@
+import encoding.html
+
+fn test_unescape_html() {
+	assert html.unescape('&lt;&gt;&amp;') == '<>&'
+	assert html.unescape('No change') == 'No change'
+	assert html.unescape('&lt;b&gt;Bold text&lt;/b&gt;') == '<b>Bold text</b>'
+	assert html.unescape('&lt;img /&gt;') == '<img />'
+	assert html.unescape('&apos; onmouseover=&apos;alert(1)&apos;') == "' onmouseover='alert(1)'"
+	assert html.unescape('&lt;a href=&apos;http://www.example.com&apos;&gt;link&lt;/a&gt;') == "<a href='http://www.example.com'>link</a>"
+	assert html.unescape('&lt;script&gt;alert(&apos;hello&apos;);&lt;/script&gt;') == "<script>alert('hello');</script>"
+	// Cases obtained from:
+	// https://github.com/apache/commons-lang/blob/master/src/test/java/org/apache/commons/lang3/StringEscapeUtilsTest.java
+	assert html.unescape('plain text') == 'plain text'
+	assert html.unescape('') == ''
+	assert html.unescape('bread &amp; butter') == 'bread & butter'
+	assert html.unescape('&#34;bread&#34; &amp; butter') == '"bread" & butter'
+	assert html.unescape('greater than &gt;') == 'greater than >'
+	assert html.unescape('&lt; less than') == '< less than'
+	// Leave accents as-is
+	assert html.escape('café') == 'café'
+	assert html.escape('<p>façade</p>') == '&lt;p&gt;façade&lt;/p&gt;'
+}