// http://www.strictly-software.com/htmlencode
Encoder = {
// When encoding do we convert characters into html or numerical entities
EncodeType : "entity", // entity OR numerical
isEmpty : function(val){
if(val){
return ((val===null) || val.length==0 || /^\s+$/.test(val));
}else{
return true;
}
},
// Convert HTML entities into numerical entities
HTML2Numerical : function(s){
var arr1 = new Array(' ','¡','¢','£','¤','¥','¦','§','¨','©','ª','«','¬','','®','¯','°','±','²','³','´','µ','¶','·','¸','¹','º','»','¼','½','¾','¿','à','á','â','ã','Ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','Ö','×','ø','ù','ú','û','Ü','ý','þ','ß','à','á','â','ã','ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','ö','÷','ø','ù','ú','û','ü','ý','þ','ÿ','"','&','<','>','œ','œ','š','š','ÿ','ˆ','˜',' ',' ',' ','','','','','–','—','‘','’','‚','“','”','„','†','†','‰','‹','›','€','ƒ','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','σ','τ','υ','φ','χ','ψ','ω','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','ς','σ','τ','υ','φ','χ','ψ','ω','ϑ','ϒ','ϖ','•','…','′','′','‾','⁄','℘','ℑ','ℜ','™','ℵ','←','↑','→','↓','↔','↵','←','↑','→','↓','↔','∀','∂','∃','∅','∇','∈','∉','∋','∏','∑','−','∗','√','∝','∞','∠','∧','∨','∩','∪','∫','∴','∼','≅','≈','≠','≡','≤','≥','⊂','⊃','⊄','⊆','⊇','⊕','⊗','⊥','⋅','⌈','⌉','⌊','⌋','⟨','⟩','◊','♠','♣','♥','♦');
var arr2 = new Array(' ','¡','¢','£','¤','¥','¦','§','¨','©','ª','«','¬','','®','¯','°','±','²','³','´','µ','¶','·','¸','¹','º','»','¼','½','¾','¿','À','Á','Â','Ã','Ä','Å','Æ','Ç','È','É','Ê','Ë','Ì','Í','Î','Ï','Ð','Ñ','Ò','Ó','Ô','Õ','Ö','×','Ø','Ù','Ú','Û','Ü','Ý','Þ','ß','à','á','â','ã','ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','ö','÷','ø','ù','ú','û','ü','ý','þ','ÿ','"','&','<','>','Œ','œ','Š','š','Ÿ','ˆ','˜',' ',' ',' ','','','','','–','—','‘','’','‚','“','”','„','†','‡','‰','‹','›','€','ƒ','Α','Β','Γ','Δ','Ε','Ζ','Η','Θ','Ι','Κ','Λ','Μ','Ν','Ξ','Ο','Π','Ρ','Σ','Τ','Υ','Φ','Χ','Ψ','Ω','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','ς','σ','τ','υ','φ','χ','ψ','ω','ϑ','ϒ','ϖ','•','…','′','″','‾','⁄','℘','ℑ','ℜ','™','ℵ','←','↑','→','↓','↔','↵','⇐','⇑','⇒','⇓','⇔','∀','∂','∃','∅','∇','∈','∉','∋','∏','∑','−','∗','√','∝','∞','∠','∧','∨','∩','∪','∫','∴','∼','≅','≈','≠','≡','≤','≥','⊂','⊃','⊄','⊆','⊇','⊕','⊗','⊥','⋅','⌈','⌉','⌊','⌋','〈','〉','◊','♠','♣','♥','♦');
return this.swapArrayVals(s,arr1,arr2);
},
// Convert Numerical entities into HTML entities
NumericalToHTML : function(s){
var arr1 = new Array(' ','¡','¢','£','¤','¥','¦','§','¨','©','ª','«','¬','','®','¯','°','±','²','³','´','µ','¶','·','¸','¹','º','»','¼','½','¾','¿','À','Á','Â','Ã','Ä','Å','Æ','Ç','È','É','Ê','Ë','Ì','Í','Î','Ï','Ð','Ñ','Ò','Ó','Ô','Õ','Ö','×','Ø','Ù','Ú','Û','Ü','Ý','Þ','ß','à','á','â','ã','ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','ö','÷','ø','ù','ú','û','ü','ý','þ','ÿ','"','&','<','>','Œ','œ','Š','š','Ÿ','ˆ','˜',' ',' ',' ','','','','','–','—','‘','’','‚','“','”','„','†','‡','‰','‹','›','€','ƒ','Α','Β','Γ','Δ','Ε','Ζ','Η','Θ','Ι','Κ','Λ','Μ','Ν','Ξ','Ο','Π','Ρ','Σ','Τ','Υ','Φ','Χ','Ψ','Ω','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','ς','σ','τ','υ','φ','χ','ψ','ω','ϑ','ϒ','ϖ','•','…','′','″','‾','⁄','℘','ℑ','ℜ','™','ℵ','←','↑','→','↓','↔','↵','⇐','⇑','⇒','⇓','⇔','∀','∂','∃','∅','∇','∈','∉','∋','∏','∑','−','∗','√','∝','∞','∠','∧','∨','∩','∪','∫','∴','∼','≅','≈','≠','≡','≤','≥','⊂','⊃','⊄','⊆','⊇','⊕','⊗','⊥','⋅','⌈','⌉','⌊','⌋','〈','〉','◊','♠','♣','♥','♦');
var arr2 = new Array(' ','¡','¢','£','¤','¥','¦','§','¨','©','ª','«','¬','','®','¯','°','±','²','³','´','µ','¶','·','¸','¹','º','»','¼','½','¾','¿','à','á','â','ã','Ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','Ö','×','ø','ù','ú','û','Ü','ý','þ','ß','à','á','â','ã','ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','ö','÷','ø','ù','ú','û','ü','ý','þ','ÿ','"','&','<','>','œ','œ','š','š','ÿ','ˆ','˜',' ',' ',' ','','','','','–','—','‘','’','‚','“','”','„','†','†','‰','‹','›','€','ƒ','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','σ','τ','υ','φ','χ','ψ','ω','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','ς','σ','τ','υ','φ','χ','ψ','ω','ϑ','ϒ','ϖ','•','…','′','′','‾','⁄','℘','ℑ','ℜ','™','ℵ','←','↑','→','↓','↔','↵','←','↑','→','↓','↔','∀','∂','∃','∅','∇','∈','∉','∋','∏','∑','−','∗','√','∝','∞','∠','∧','∨','∩','∪','∫','∴','∼','≅','≈','≠','≡','≤','≥','⊂','⊃','⊄','⊆','⊇','⊕','⊗','⊥','⋅','⌈','⌉','⌊','⌋','⟨','⟩','◊','♠','♣','♥','♦');
return this.swapArrayVals(s,arr1,arr2);
},
// Numerically encodes all unicode characters
numEncode : function(s){
if(this.isEmpty(s)) return "";
var e = "";
for (var i = 0; i < s.length; i++)
{
var c = s.charAt(i);
if (c < " " || c > "~")
{
c = "&#" + c.charCodeAt() + ";";
}
e += c;
}
return e;
},
// HTML Decode numerical and HTML entities back to original values
htmlDecode : function(s){
var c,m,d = s;
if(this.isEmpty(d)) return "";
// convert HTML entites back to numerical entites first
d = this.HTML2Numerical(d);
// look for numerical entities "
arr=d.match(/&#[0-9]{1,5};/g);
// if no matches found in string then skip
if(arr!=null){
for(var x=0;x= -32768 && c <= 65535){
// decode every single match within string
d = d.replace(m, String.fromCharCode(c));
}else{
d = d.replace(m, ""); //invalid so replace with nada
}
}
}
return d;
},
// encode an input string into either numerical or HTML entities
htmlEncode : function(s,dbl){
if(this.isEmpty(s)) return "";
// do we allow double encoding? E.g will & be turned into &
dbl = dbl | false; //default to prevent double encoding
// if allowing double encoding we do ampersands first
if(dbl){
if(this.EncodeType=="numerical"){
s = s.replace(/&/g, "&");
}else{
s = s.replace(/&/g, "&");
}
}
// convert the xss chars to numerical entities ' " < >
s = this.XSSEncode(s,false);
if(this.EncodeType=="numerical" || !dbl){
// Now call function that will convert any HTML entities to numerical codes
s = this.HTML2Numerical(s);
}
// Now encode all chars above 127 e.g unicode
s = this.numEncode(s);
// now we know anything that needs to be encoded has been converted to numerical entities we
// can encode any ampersands & that are not part of encoded entities
// to handle the fact that I need to do a negative check and handle multiple ampersands &&&
// I am going to use a placeholder
// if we don't want double encoded entities we ignore the & in existing entities
if(!dbl){
s = s.replace(/&#/g,"##AMPHASH##");
if(this.EncodeType=="numerical"){
s = s.replace(/&/g, "&");
}else{
s = s.replace(/&/g, "&");
}
s = s.replace(/##AMPHASH##/g,"&#");
}
// replace any malformed entities
s = s.replace(/&#\d*([^\d;]|$)/g, "$1");
if(!dbl){
// safety check to correct any double encoded &
s = this.correctEncoding(s);
}
// now do we need to convert our numerical encoded string into entities
if(this.EncodeType=="entity"){
s = this.NumericalToHTML(s);
}
return s;
},
// Encodes the basic 4 characters used to malform HTML in XSS hacks
XSSEncode : function(s,en){
if(!this.isEmpty(s)){
en = en || true;
// do we convert to numerical or html entity?
if(en){
s = s.replace(/\'/g,"'"); //no HTML equivalent as &apos is not cross browser supported
s = s.replace(/\"/g,""");
s = s.replace(//g,">");
}else{
s = s.replace(/\'/g,"'"); //no HTML equivalent as &apos is not cross browser supported
s = s.replace(/\"/g,""");
s = s.replace(//g,">");
}
return s;
}else{
return "";
}
},
// returns true if a string contains html or numerical encoded entities
hasEncoded : function(s){
if(/&#[0-9]{1,5};/g.test(s)){
return true;
}else if(/&[A-Z]{2,6};/gi.test(s)){
return true;
}else{
return false;
}
},
// will remove any unicode characters
stripUnicode : function(s){
return s.replace(/[^\x20-\x7E]/g,"");
},
// corrects any double encoded & entities e.g &
correctEncoding : function(s){
return s.replace(/(&)(amp;)+/,"$1");
},
// Function to loop through an array swaping each item with the value from another array e.g swap HTML entities with Numericals
swapArrayVals : function(s,arr1,arr2){
if(this.isEmpty(s)) return "";
var re;
if(arr1 && arr2){
//ShowDebug("in swapArrayVals arr1.length = " + arr1.length + " arr2.length = " + arr2.length)
// array lengths must match
if(arr1.length == arr2.length){
for(var x=0,i=arr1.length;x