/********************************************************************* * 自带过滤器 * **********************************************************************/ var rscripts = /]*>([\S\s]*?)<\/script\s*>/gim var ron = /\s+(on[^=\s]+)(?:=("[^"]*"|'[^']*'|[^\s>]+))?/g var ropen = /<\w+\b(?:(["'])[^"]*?(\1)|[^>])*>/gi var rsanitize = { a: /\b(href)\=("javascript[^"]*"|'javascript[^']*')/gi, img: /\b(src)\=("javascript[^"]*"|'javascript[^']*')/gi, form: /\b(action)\=("javascript[^"]*"|'javascript[^']*')/gi } var rsurrogate = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g var rnoalphanumeric = /([^\#-~| |!])/g function numberFormat(number, decimals, point, thousands) { //form http://phpjs.org/functions/number_format/ //number 必需,要格式化的数字 //decimals 可选,规定多少个小数位。 //point 可选,规定用作小数点的字符串(默认为 . )。 //thousands 可选,规定用作千位分隔符的字符串(默认为 , ),如果设置了该参数,那么所有其他参数都是必需的。 number = (number + '').replace(/[^0-9+\-Ee.]/g, '') var n = !isFinite(+number) ? 0 : +number, prec = !isFinite(+decimals) ? 3 : Math.abs(decimals), sep = thousands || ',', dec = point || '.', s = '', toFixedFix = function(n, prec) { var k = Math.pow(10, prec) return '' + (Math.round(n * k) / k).toFixed(prec) } // Fix for IE parseFloat(0.55).toFixed(0) = 0; s = (prec ? toFixedFix(n, prec) : '' + Math.round(n)).split('.') if (s[0].length > 3) { s[0] = s[0].replace(/\B(?=(?:\d{3})+(?!\d))/g, sep) } if ((s[1] || '').length < prec) { s[1] = s[1] || '' s[1] += new Array(prec - s[1].length + 1).join('0') } return s.join(dec) } var filters = (Anot.filters = { uppercase: function(str) { return str.toUpperCase() }, lowercase: function(str) { return str.toLowerCase() }, //字符串截取,超过指定长度以mark标识接上 truncate: function(str, len, mark) { len = len || 30 mark = typeof mark === 'string' ? mark : '...' return str.slice(0, len) + (str.length <= len ? '' : mark) }, //小值秒数转化为 时间格式 time: function(str) { str = str >> 0 var s = str % 60 var m = Math.floor(str / 60) var h = Math.floor(m / 60) m = m % 60 m = m < 10 ? '0' + m : m s = s < 10 ? '0' + s : s if (h > 0) { h = h < 10 ? '0' + h : h return h + ':' + m + ':' + s } return m + ':' + s }, $filter: function(val) { for (var i = 1, n = arguments.length; i < n; i++) { var array = arguments[i] var fn = Anot.filters[array[0]] if (typeof fn === 'function') { var arr = [val].concat(array.slice(1)) val = fn.apply(null, arr) } } return val }, camelize: camelize, //https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet // chrome // chrome // IE67chrome // IE67chrome // IE67chrome sanitize: function(str) { return str.replace(rscripts, '').replace(ropen, function(a, b) { var match = a.toLowerCase().match(/<(\w+)\s/) if (match) { //处理a标签的href属性,img标签的src属性,form标签的action属性 var reg = rsanitize[match[1]] if (reg) { a = a.replace(reg, function(s, name, value) { var quote = value.charAt(0) return name + '=' + quote + 'javascript:void(0)' + quote // jshint ignore:line }) } } return a.replace(ron, ' ').replace(/\s+/g, ' ') //移除onXXX事件 }) }, escape: function(str) { //将字符串经过 str 转义得到适合在页面中显示的内容, 例如替换 < 为 < return String(str) .replace(/&/g, '&') .replace(rsurrogate, function(value) { var hi = value.charCodeAt(0) var low = value.charCodeAt(1) return '&#' + ((hi - 0xd800) * 0x400 + (low - 0xdc00) + 0x10000) + ';' }) .replace(rnoalphanumeric, function(value) { return '&#' + value.charCodeAt(0) + ';' }) .replace(//g, '>') }, currency: function(amount, symbol, fractionSize) { return ( (symbol || '\u00a5') + numberFormat(amount, isFinite(fractionSize) ? fractionSize : 2) ) }, number: numberFormat, //日期格式化,类似php的date函数, date: function(stamp, str, second) { second = second === undefined ? false : true var oDate if (!Date.isDate(stamp)) { if (!/[^\d]/.test(stamp)) { stamp -= 0 if (second) { stamp *= 1000 } } oDate = new Date(stamp) if (oDate + '' === 'Invalid Date') { return 'Invalid Date' } } else { oDate = stamp } return oDate.format(str) } })