152 lines
5.0 KiB
JavaScript
152 lines
5.0 KiB
JavaScript
|
/*********************************************************************
|
|||
|
* 自带过滤器 *
|
|||
|
**********************************************************************/
|
|||
|
|
|||
|
var rscripts = /<script[^>]*>([\S\s]*?)<\/script\s*>/gim
|
|||
|
var ron = /\s+(on[^=\s]+)(?:=("[^"]*"|'[^']*'|[^\s>]+))?/g
|
|||
|
var ropen = /<\w+\b(?:(["'])[^"]*?(\1)|[^>])*>/gi
|
|||
|
var rsanitize = {
|
|||
|
a: /\b(href)\=("javascript[^"]*"|'javascript[^']*')/gi,
|
|||
|
img: /\b(src)\=("javascript[^"]*"|'javascript[^']*')/gi,
|
|||
|
form: /\b(action)\=("javascript[^"]*"|'javascript[^']*')/gi
|
|||
|
}
|
|||
|
var rsurrogate = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g
|
|||
|
var rnoalphanumeric = /([^\#-~| |!])/g
|
|||
|
|
|||
|
function numberFormat(number, decimals, point, thousands) {
|
|||
|
//form http://phpjs.org/functions/number_format/
|
|||
|
//number 必需,要格式化的数字
|
|||
|
//decimals 可选,规定多少个小数位。
|
|||
|
//point 可选,规定用作小数点的字符串(默认为 . )。
|
|||
|
//thousands 可选,规定用作千位分隔符的字符串(默认为 , ),如果设置了该参数,那么所有其他参数都是必需的。
|
|||
|
number = (number + '').replace(/[^0-9+\-Ee.]/g, '')
|
|||
|
var n = !isFinite(+number) ? 0 : +number,
|
|||
|
prec = !isFinite(+decimals) ? 3 : Math.abs(decimals),
|
|||
|
sep = thousands || ',',
|
|||
|
dec = point || '.',
|
|||
|
s = '',
|
|||
|
toFixedFix = function(n, prec) {
|
|||
|
var k = Math.pow(10, prec)
|
|||
|
return '' + (Math.round(n * k) / k).toFixed(prec)
|
|||
|
}
|
|||
|
// Fix for IE parseFloat(0.55).toFixed(0) = 0;
|
|||
|
s = (prec ? toFixedFix(n, prec) : '' + Math.round(n)).split('.')
|
|||
|
if (s[0].length > 3) {
|
|||
|
s[0] = s[0].replace(/\B(?=(?:\d{3})+(?!\d))/g, sep)
|
|||
|
}
|
|||
|
if ((s[1] || '').length < prec) {
|
|||
|
s[1] = s[1] || ''
|
|||
|
s[1] += new Array(prec - s[1].length + 1).join('0')
|
|||
|
}
|
|||
|
return s.join(dec)
|
|||
|
}
|
|||
|
|
|||
|
var filters = (Anot.filters = {
|
|||
|
uppercase: function(str) {
|
|||
|
return str.toUpperCase()
|
|||
|
},
|
|||
|
lowercase: function(str) {
|
|||
|
return str.toLowerCase()
|
|||
|
},
|
|||
|
//字符串截取,超过指定长度以mark标识接上
|
|||
|
truncate: function(str, len, mark) {
|
|||
|
len = len || 30
|
|||
|
mark = typeof mark === 'string' ? mark : '...'
|
|||
|
return str.slice(0, len) + (str.length <= len ? '' : mark)
|
|||
|
},
|
|||
|
//小值秒数转化为 时间格式
|
|||
|
time: function(str) {
|
|||
|
str = str >> 0
|
|||
|
var s = str % 60
|
|||
|
var m = Math.floor(str / 60)
|
|||
|
var h = Math.floor(m / 60)
|
|||
|
m = m % 60
|
|||
|
m = m < 10 ? '0' + m : m
|
|||
|
s = s < 10 ? '0' + s : s
|
|||
|
|
|||
|
if (h > 0) {
|
|||
|
h = h < 10 ? '0' + h : h
|
|||
|
return h + ':' + m + ':' + s
|
|||
|
}
|
|||
|
return m + ':' + s
|
|||
|
},
|
|||
|
$filter: function(val) {
|
|||
|
for (var i = 1, n = arguments.length; i < n; i++) {
|
|||
|
var array = arguments[i]
|
|||
|
var fn = Anot.filters[array[0]]
|
|||
|
if (typeof fn === 'function') {
|
|||
|
var arr = [val].concat(array.slice(1))
|
|||
|
val = fn.apply(null, arr)
|
|||
|
}
|
|||
|
}
|
|||
|
return val
|
|||
|
},
|
|||
|
camelize: camelize,
|
|||
|
//https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
|
|||
|
// <a href="javasc
ript:alert('XSS')">chrome</a>
|
|||
|
// <a href="data:text/html;base64, PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">chrome</a>
|
|||
|
// <a href="jav ascript:alert('XSS');">IE67chrome</a>
|
|||
|
// <a href="jav	ascript:alert('XSS');">IE67chrome</a>
|
|||
|
// <a href="jav
ascript:alert('XSS');">IE67chrome</a>
|
|||
|
sanitize: function(str) {
|
|||
|
return str.replace(rscripts, '').replace(ropen, function(a, b) {
|
|||
|
var match = a.toLowerCase().match(/<(\w+)\s/)
|
|||
|
if (match) {
|
|||
|
//处理a标签的href属性,img标签的src属性,form标签的action属性
|
|||
|
var reg = rsanitize[match[1]]
|
|||
|
if (reg) {
|
|||
|
a = a.replace(reg, function(s, name, value) {
|
|||
|
var quote = value.charAt(0)
|
|||
|
return name + '=' + quote + 'javascript:void(0)' + quote // jshint ignore:line
|
|||
|
})
|
|||
|
}
|
|||
|
}
|
|||
|
return a.replace(ron, ' ').replace(/\s+/g, ' ') //移除onXXX事件
|
|||
|
})
|
|||
|
},
|
|||
|
escape: function(str) {
|
|||
|
//将字符串经过 str 转义得到适合在页面中显示的内容, 例如替换 < 为 <
|
|||
|
return String(str)
|
|||
|
.replace(/&/g, '&')
|
|||
|
.replace(rsurrogate, function(value) {
|
|||
|
var hi = value.charCodeAt(0)
|
|||
|
var low = value.charCodeAt(1)
|
|||
|
return '&#' + ((hi - 0xd800) * 0x400 + (low - 0xdc00) + 0x10000) + ';'
|
|||
|
})
|
|||
|
.replace(rnoalphanumeric, function(value) {
|
|||
|
return '&#' + value.charCodeAt(0) + ';'
|
|||
|
})
|
|||
|
.replace(/</g, '<')
|
|||
|
.replace(/>/g, '>')
|
|||
|
},
|
|||
|
currency: function(amount, symbol, fractionSize) {
|
|||
|
return (
|
|||
|
(symbol || '\u00a5') +
|
|||
|
numberFormat(amount, isFinite(fractionSize) ? fractionSize : 2)
|
|||
|
)
|
|||
|
},
|
|||
|
number: numberFormat,
|
|||
|
//日期格式化,类似php的date函数,
|
|||
|
date: function(stamp, str, second) {
|
|||
|
second = second === undefined ? false : true
|
|||
|
var oDate
|
|||
|
if (!Date.isDate(stamp)) {
|
|||
|
if (!/[^\d]/.test(stamp)) {
|
|||
|
stamp -= 0
|
|||
|
if (second) {
|
|||
|
stamp *= 1000
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
oDate = new Date(stamp)
|
|||
|
if (oDate + '' === 'Invalid Date') {
|
|||
|
return 'Invalid Date'
|
|||
|
}
|
|||
|
} else {
|
|||
|
oDate = stamp
|
|||
|
}
|
|||
|
return oDate.format(str)
|
|||
|
}
|
|||
|
})
|
|||
|
|