From 09364ccf84220bd8e1120c5e01ea67d46a5af7e8 Mon Sep 17 00:00:00 2001
From: Stephen Abello
Date: Tue, 29 Jul 2025 08:48:44 +0200
Subject: [PATCH] =?UTF-8?q?=20N=C2=B04386=20-=20Remove=20deprecated=20Enco?= =?UTF-8?q?deHtml=20in=20utils.js?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 js/utils.js | 27 ---------------------------
 1 file changed, 27 deletions(-)
diff --git a/js/utils.js b/js/utils.js
index 78f2dd8b1..fb681bfe5 100644
--- a/js/utils.js
+++ b/js/utils.js
@@ -613,33 +613,6 @@ function ExportInitButton(sSelector) {
 });
 }
-/**
- * @deprecated 3.0.0 N°4367 deprecated, use {@see CombodoSanitizer.EscapeHtml} instead
- *
- * @param sValue value to escape
- * @param bReplaceAmp if false don't replace "&" (can be useful when sValue contains html entities we want to keep)
- * @returns {string} escaped value, ready to insert in the DOM without XSS risk
- *
- * @since 2.6.5, 2.7.2, 3.0.0 N°3332
- * @see https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#rule-1-html-encode-before-inserting-untrusted-data-into-html-element-content
- * @see https://stackoverflow.com/questions/295566/sanitize-rewrite-html-on-the-client-side/430240#430240 why inserting in the DOM (for
- * example the text() JQuery way) isn't safe
- */
-function EncodeHtml(sValue, bReplaceAmp) {
- var sEncodedValue = (sValue+'')
- .replace(//g, '>')
- .replace(/"/g, '"')
- .replace(/'/g, ''')
- .replace(/\//g, '/');
-
- if (bReplaceAmp) {
- sEncodedValue = sEncodedValue.replace(/&/g, '&');
- }
-
- return sEncodedValue;
-}
-
 // Very simple equivalent to format: placeholders are %1$s %2$d ...
 function Format() {
 var args = [];