N°4386 - Remove deprecated EncodeHtml in utils.js

2026-02-13 07:24:13 +01:00 · 2025-07-29 08:48:44 +02:00
parent 4bbd1fea5c
commit 09364ccf84
1 changed files with 0 additions and 27 deletions
--- a/js/utils.js
+++ b/js/utils.js
@@ -613,33 +613,6 @@ function ExportInitButton(sSelector) {
 	});
 }

-/**
- * @deprecated 3.0.0 N°4367 deprecated, use {@see CombodoSanitizer.EscapeHtml} instead
- *
- * @param sValue value to escape
- * @param bReplaceAmp if false don't replace "&" (can be useful when sValue contains html entities we want to keep)
- * @returns {string} escaped value, ready to insert in the DOM without XSS risk
- *
- * @since 2.6.5, 2.7.2, 3.0.0 N°3332
- * @see https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#rule-1-html-encode-before-inserting-untrusted-data-into-html-element-content
- * @see https://stackoverflow.com/questions/295566/sanitize-rewrite-html-on-the-client-side/430240#430240 why inserting in the DOM (for
- *        example the text() JQuery way) isn't safe
- */
-function EncodeHtml(sValue, bReplaceAmp) {
-	var sEncodedValue = (sValue+'')
-		.replace(/</g, '&lt;')
-		.replace(/>/g, '&gt;')
-		.replace(/"/g, '&quot;')
-		.replace(/'/g, '&#x27;')
-		.replace(/\//g, '&#x2F;');
-
-	if (bReplaceAmp) {
-		sEncodedValue = sEncodedValue.replace(/&/g, '&amp;');
-	}
-
-	return sEncodedValue;
-}
-
 // Very simple equivalent to format: placeholders are %1$s %2$d ...
 function Format() {
 	var args = [];