Bump version to 1.1.0

README.md

@@ -96,8 +96,8 @@ Then a global variable `v` is exposed for the entire library:
 | [v.slugify][slugify]                 | [v.isUpperCase][isUpperCase]   | **Count**                            | [v.graphemes][graphemes]       |                                |
 | [v.splice][splice]                   | [v.matches][matches]           | [v.count][count]                     | [v.split][split]               |                                |
 | [v.trim][trim]                       | [v.startsWith][startsWith]     | [v.countGraphemes][countGraphemes]   | [v.words][words]               |                                |
-| [v.trimLeft][trimLeft]               | **Format**                     | [v.countSubstrings][countSubstrings] |                                |                                |
-| [v.trimRight][trimRight]             | [v.sprintf][sprintf]           | [v.countWhere][countWhere]           |                                |                                |
+| [v.trimLeft][trimLeft]               | **Format**                     | [v.countSubstrings][countSubstrings] | **Strip**                      |                                |
+| [v.trimRight][trimRight]             | [v.sprintf][sprintf]           | [v.countWhere][countWhere]           | [v.stripTags][stripTags]       |                                |
 | [v.wordWrap][wordWrap]               | [v.vprintf][vprintf]           | [v.countWords][countWords]           |                                |                                |
 
 ## Bug reports
@@ -132,9 +132,9 @@ Licensed under [MIT](https://github.com/panzerdp/voca/blob/master/LICENSE.md)
 
 [CODE_OF_CONDUCT]: https://github.com/panzerdp/voca/blob/master/CODE_OF_CONDUCT.md
 [CONTRIBUTING]: https://github.com/panzerdp/voca/blob/master/.github/CONTRIBUTING.md
-[voca_min_js]: https://raw.githubusercontent.com/panzerdp/voca/1.0.0/dist/voca.min.js
-[source_map]: https://raw.githubusercontent.com/panzerdp/voca/1.0.0/dist/voca.min.js.map
-[voca_js]: https://raw.githubusercontent.com/panzerdp/voca/1.0.0/dist/voca.js
+[voca_min_js]: https://raw.githubusercontent.com/panzerdp/voca/1.1.0/dist/voca.min.js
+[source_map]: https://raw.githubusercontent.com/panzerdp/voca/1.1.0/dist/voca.min.js.map
+[voca_js]: https://raw.githubusercontent.com/panzerdp/voca/1.1.0/dist/voca.js
 [voca]: https://vocajs.com
 [logo]: https://github.com/panzerdp/voca/raw/master/jsdoc/template/static/images/[email protected]
 [logo_commonjs]: https://github.com/panzerdp/voca/raw/master/jsdoc/template/static/images/[email protected]
@@ -212,3 +212,5 @@ Licensed under [MIT](https://github.com/panzerdp/voca/blob/master/LICENSE.md)
 [graphemes]: https://vocajs.com/#graphemes
 [split]: https://vocajs.com/#split
 [words]: https://vocajs.com/#words
+
+[stripTags]: https://vocajs.com/#stripTags

dist/voca.js

@@ -1,5 +1,5 @@
 /*! 
- * Voca string library 1.0.0
+ * Voca string library 1.1.0
  * https://vocajs.com
  *
  * Copyright Dmitri Pavlutin and other contributors
@@ -3263,7 +3263,6 @@ function parseTagName(tagContent) {
   return tagName;
 }
 
-/* eslint-disable */
 var STATE_OUTPUT = 0;
 var STATE_HTML = 1;
 var STATE_EXCLAMATION = 2;
@@ -3276,16 +3275,20 @@ var STATE_COMMENT = 3;
  * @static
  * @since 1.1.0
  * @memberOf Strip
- * @param {string} [subject=''] The string to strip.
- * @param {string|Array} [allowableTags] The string or array of tags that should not be stripped.
+ * @param {string} [subject=''] The string to strip from.
+ * @param {string|Array} [allowableTags] The string `'<tag1><tag2>'` or array `['tag1', 'tag2']` of tags that should not be stripped.
  * @param {string} [replacement=''] The string to replace the stripped tag.
  * @return {string} Returns the stripped string.
  * @example
- * v.trim(' Mother nature ');
- * // => 'Mother nature'
  *
- * v.trim('--Earth--', '-');
- * // => 'Earth'
+ * v.stripTags('<span><a href="#">Summer</a> is nice</span>');
+ * // => 'Summer is nice'
+ *
+ * v.stripTags('<span><i>Winter</i> is <b>cold</b></span>', ['b', 'i']);
+ * // => '<i>Winter</i> is <b>cold</b>'
+ *
+ * v.stripTags('Sun<br/>set', '', '-');
+ * // => 'Sun-set'
  */
 function trim$1(subject, allowableTags, replacement) {
   subject = coerceToString(subject);
@@ -3377,10 +3380,12 @@ function trim$1(subject, allowableTags, replacement) {
             var tagName = parseTagName(tagContent);
             if (allowableTags.indexOf(tagName.toLowerCase()) !== -1) {
               output += tagContent;
+            } else {
+              output += replacementString;
             }
             tagContent = '';
           } else {
-            tagContent += replacementString;
+            output += replacementString;
           }
           break;
         }
@@ -3446,7 +3451,7 @@ var previousV = globalObject.v;
  * @return {Object} Returns Voca library instance.
  * @example
  * var voca = v.noConflict();
- * voca.isAlhpa('Hello');
+ * voca.isAlpha('Hello');
  * // => true
  */
 function noConflict() {
@@ -3465,9 +3470,9 @@ function noConflict() {
  * @type string
  * @example
  * v.version
- * // => '1.0.0'
+ * // => '1.1.0'
  */
-var version = '1.0.0';
+var version = '1.1.0';
 
 /* eslint sort-imports: "off" */
 

jsdoc/template/tmpl/introduction.tmpl

@@ -117,11 +117,11 @@ slugify('caffé latté');    // => 'caffe-latte'</code></pre>
 
     <ul>
       <li>
-        <a href="https://raw.githubusercontent.com/panzerdp/voca/1.0.0/dist/voca.min.js">voca.min.js</a>
-        minified production-ready, with <a href="https://raw.githubusercontent.com/panzerdp/voca/1.0.0/dist/voca.min.js.map">source map</a>
+        <a href="https://raw.githubusercontent.com/panzerdp/voca/1.1.0/dist/voca.min.js">voca.min.js</a>
+        minified production-ready, with <a href="https://raw.githubusercontent.com/panzerdp/voca/1.1.0/dist/voca.min.js.map">source map</a>
       </li>
       <li>
-        <a href="https://raw.githubusercontent.com/panzerdp/voca/1.0.0/dist/voca.js">voca.js</a> uncompressed
+        <a href="https://raw.githubusercontent.com/panzerdp/voca/1.1.0/dist/voca.js">voca.js</a> uncompressed
         with comments
       </li>
     </ul>

jsdoc/template/tmpl/layout.tmpl

@@ -69,7 +69,7 @@
         </h2>
       </td>
       <td class="voca-version">
-        <a href="#">v1.0.0</a>
+        <a href="#">v1.1.0</a>
       </td>
     </tr>
   </table>

package.json

@@ -1,6 +1,6 @@
 {
   "name": "voca",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "The ultimate JavaScript string library",
   "homepage": "https://vocajs.com",
   "author": {

src/util/version.js

@@ -7,8 +7,8 @@
  * @type string
  * @example
  * v.version
- * // => '1.0.0'
+ * // => '1.1.0'
  */
-const version = '1.0.0';
+const version = '1.1.0';
 
 export default version;

test_runner/test_bundle.js

@@ -3273,7 +3273,6 @@ function parseTagName(tagContent) {
   return tagName;
 }
 
-/* eslint-disable */
 var STATE_OUTPUT = 0;
 var STATE_HTML = 1;
 var STATE_EXCLAMATION = 2;
@@ -3286,16 +3285,20 @@ var STATE_COMMENT = 3;
  * @static
  * @since 1.1.0
  * @memberOf Strip
- * @param {string} [subject=''] The string to strip.
- * @param {string|Array} [allowableTags] The string or array of tags that should not be stripped.
+ * @param {string} [subject=''] The string to strip from.
+ * @param {string|Array} [allowableTags] The string `'<tag1><tag2>'` or array `['tag1', 'tag2']` of tags that should not be stripped.
  * @param {string} [replacement=''] The string to replace the stripped tag.
  * @return {string} Returns the stripped string.
  * @example
- * v.trim(' Mother nature ');
- * // => 'Mother nature'
  *
- * v.trim('--Earth--', '-');
- * // => 'Earth'
+ * v.stripTags('<span><a href="#">Summer</a> is nice</span>');
+ * // => 'Summer is nice'
+ *
+ * v.stripTags('<span><i>Winter</i> is <b>cold</b></span>', ['b', 'i']);
+ * // => '<i>Winter</i> is <b>cold</b>'
+ *
+ * v.stripTags('Sun<br/>set', '', '-');
+ * // => 'Sun-set'
  */
 function trim$1(subject, allowableTags, replacement) {
   subject = coerceToString(subject);
@@ -3387,10 +3390,12 @@ function trim$1(subject, allowableTags, replacement) {
             var tagName = parseTagName(tagContent);
             if (allowableTags.indexOf(tagName.toLowerCase()) !== -1) {
               output += tagContent;
+            } else {
+              output += replacementString;
             }
             tagContent = '';
           } else {
-            tagContent += replacementString;
+            output += replacementString;
           }
           break;
         }
@@ -3456,7 +3461,7 @@ var previousV = globalObject.v;
  * @return {Object} Returns Voca library instance.
  * @example
  * var voca = v.noConflict();
- * voca.isAlhpa('Hello');
+ * voca.isAlpha('Hello');
  * // => true
  */
 function noConflict() {
@@ -3475,9 +3480,9 @@ function noConflict() {
  * @type string
  * @example
  * v.version
- * // => '1.0.0'
+ * // => '1.1.0'
  */
-var version = '1.0.0';
+var version = '1.1.0';
 
 /* eslint sort-imports: "off" */
 
@@ -7329,7 +7334,6 @@ describe('words', function () {
   });
 });
 
-/* eslint-disable */
 describe('stripTags', function () {
 
   it('should strip tags', function () {
@@ -7343,6 +7347,29 @@ describe('stripTags', function () {
     chai.expect(Voca.stripTags('<html><b>hello</b><p>world</p></html>')).to.be.equal('helloworld');
   });
 
+  it('should strip potential xss tags', function () {
+    /**
+     * @see https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
+     */
+    chai.expect(Voca.stripTags('<script>evil();</script>')).to.be.equal('evil();');
+    chai.expect(Voca.stripTags('<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<IMG """><SCRIPT>alert("XSS")</SCRIPT>">')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<<SCRIPT>alert("XSS");//<</SCRIPT>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT SRC=http://xss.rocks/xss.js?< B >')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT SRC=//xss.rocks/.j>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<IMG SRC="javascript:alert(\'XSS\')"')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT a=">" SRC="httx://xss.rocks/xss.js"></SCRIPT>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT =">" SRC="httx://xss.rocks/xss.js"></SCRIPT>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT a=">" \'\' SRC="httx://xss.rocks/xss.js"></SCRIPT>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT "a=\'>\'" SRC="httx://xss.rocks/xss.js"></SCRIPT>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT a=`>` SRC="httx://xss.rocks/xss.js"></SCRIPT>')).to.be.equal('` SRC="httx://xss.rocks/xss.js">');
+    chai.expect(Voca.stripTags('<SCRIPT a=">\'>" SRC="httx://xss.rocks/xss.js"></SCRIPT>')).to.be.equal('');
+    chai.expect(Voca.stripTags('<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="httx://xss.rocks/xss.js"></SCRIPT>')).to.be.equal('document.write("');
+  });
+
   it('should strip tags which attributes contain < or > ', function () {
     var helloWorld = 'hello  world';
     chai.expect(Voca.stripTags('hello <img title="<"> world')).to.be.equal(helloWorld);
@@ -7353,10 +7380,7 @@ describe('stripTags', function () {
   });
 
   it('should strip tags on multiple lines', function () {
-    var multilineHtml = `<html>This's a string with quotes:</html>
-"strings in double quote";
-'strings in single quote';
-<html>this\line is single quoted /with\slashes </html>`;
+    var multilineHtml = '<html>This\'s a string with quotes:</html>\n"strings in double quote";\n\'strings in single quote\';\n<html>this\line is single quoted /with\slashes </html>';
     chai.expect(Voca.stripTags(multilineHtml, '<html>')).to.be.equal(multilineHtml);
   });
 
@@ -7385,6 +7409,12 @@ describe('stripTags', function () {
     chai.expect(Voca.stripTags('')).to.be.equal('');
   });
 
+  it('should add instead of stripped tags a special string', function () {
+    chai.expect(Voca.stripTags('<li><b><a href="#" title="Title">Recently improved articles</a></b></li>', '', '*')).to.be.equal('***Recently improved articles***');
+    chai.expect(Voca.stripTags('<b>Hello</b><i>World</i>', '<a>', ' ')).to.be.equal(' Hello  World ');
+    chai.expect(Voca.stripTags('Line<br/>break', ['i'], ' ')).to.be.equal('Line break');
+  });
+
   it('should treat especially broken or invalid tags', function () {
     chai.expect(Voca.stripTags('< html >')).to.be.equal('< html >');
     chai.expect(Voca.stripTags('<<>>')).to.be.equal('');
@@ -7395,7 +7425,14 @@ describe('stripTags', function () {
     chai.expect(Voca.stripTags('<abc>hello</abc> \t\tworld... <ppp>strip_tags_test</ppp>', allowableTags)).to.be.equal('hello \t\tworld... strip_tags_test');
   });
 
-  it('should strip tags from a string representation of an object', function () {});
+  it('should strip tags from a string representation of an object', function () {
+    chai.expect(Voca.stripTags('<a href="#">Hello</a>')).to.equal('Hello');
+    chai.expect(Voca.stripTags({
+      toString: function () {
+        return '<a href="#">Hello</a>';
+      }
+    }, '<a>')).to.equal('<a href="#">Hello</a>');
+  });
 
   it('should return empty string for null or undefined', function () {
     chai.expect(Voca.stripTags(null)).to.be.equal('');
@@ -7446,4 +7483,3 @@ describe('version', function () {
 //util
 
 }(chai));
-//# sourceMappingURL=test_bundle.js.map