From 4b38621ab83afd52f59295c93fec8a8ad9ce2cb9 Mon Sep 17 00:00:00 2001
From: Richie Bendall <richiebendall@gmail.com>
Date: Wed, 18 Mar 2020 17:58:08 +1300
Subject: [PATCH] refactor: Use `escape-goat` instead of `escape-html` and
 `unescape-html`

Signed-off-by: Richie Bendall <richiebendall@gmail.com>
---
 package.json  |   3 +--
 routes/get.js |  17 ++++++++---------
 yarn.lock     | Bin 183038 -> 183012 bytes
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/package.json b/package.json
index 689154ca..9ffbd509 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "any-size": "^1.0.0",
     "btoa": "^1.2.1",
     "ejs": "^3.0.1",
-    "escape-html": "^1.0.3",
+    "escape-goat": "^3.0.0",
     "express": "^4.17.1",
     "express-minify": "^1.0.0",
     "fs-extra": "^8.1.0",
@@ -39,7 +39,6 @@
     "postcss-preset-env": "^6.7.0",
     "serve-favicon": "^2.5.0",
     "temp-dir": "^2.0.0",
-    "unescape-html": "^1.1.0",
     "yn": "^4.0.0"
   },
   "devDependencies": {
diff --git a/routes/get.js b/routes/get.js
index 7193ceb8..a55e96d4 100644
--- a/routes/get.js
+++ b/routes/get.js
@@ -1,8 +1,7 @@
 const md5 = require('md5')
 const path = require('path')
-const escapeTags = require('escape-html')
-const unescapeTags = require('unescape-html')
-const stripTags = require('html-text')
+const { htmlEscape, htmlUnescape } = require('escape-goat')
+const stripHtml = require('html-text')
 const is = require('@sindresorhus/is')
 
 function getCopyrightHTML (user, plain) {
@@ -12,17 +11,17 @@ function getCopyrightHTML (user, plain) {
     ? user
     : plain
       ? user.name || user.copyright
-      : escapeTags(user.name || user.copyright)
+      : htmlEscape(user.name || user.copyright)
 
   if (user.url) {
-    html = `<a href="${stripTags(user.url)}">${name}</a>`
+    html = `<a href="${stripHtml(user.url)}">${name}</a>`
   } else {
     html = name
   }
 
   if (user.email) {
-    html += ` &lt;<a href="mailto:${stripTags(user.email)}">${
-      plain ? user.email : escapeTags(user.email)
+    html += ` &lt;<a href="mailto:${stripHtml(user.email)}">${
+      plain ? user.email : htmlEscape(user.email)
       }</a>&gt;`
   }
 
@@ -41,7 +40,7 @@ module.exports = (req, res) => {
     } else if (is.array(user.copyright) && user.copyright.every(val => is.string(val))) {
       // Supports: ['Remy Sharp', 'Richie Bendall']
       name = user.copyright
-        .map(v => (options.format !== 'html' ? v : escapeTags(v)))
+        .map(v => (options.format !== 'html' ? v : htmlEscape(v)))
         .join(', ')
     } else {
       name = user.copyright.map(getCopyrightHTML).join(', ')
@@ -84,7 +83,7 @@ module.exports = (req, res) => {
 
       res
         .set('Content-Type', 'text/plain; charset=UTF-8')
-        .send(unescapeTags(stripTags(plain)).trim())
+        .send(htmlUnescape(stripHtml(plain)).trim())
       return
     }
 
diff --git a/yarn.lock b/yarn.lock
index 9774c24182153fcb885ee92d04cb4c8b937bae30..c5371bd77d6a35b1b8285911c29f349f8edb139a 100644
GIT binary patch
delta 203
zcmex2mHWw5?hPdyS<>?pOQtK{V04*$VI#W>h^McspIV%pSdgj<;^`Xe8318PdX;jj
zMUrV+l9{Q6si|>Vszsu4vWcasWwNoMS+ZGbQj$fog^5v;q2=_AHjH9X<;DT!eo<cK
zK@~X#Cgy?eRT-tOPB|&Ag<&2Z85tJ(C7uDvIcBNJX+}=@rIwb-DUKxu*?E~6PGJVF
y$;sx<?iG<Kr4eCHE*YsFhTcZ`jxIqtW#zWETwKkK8@D%ZWW4ujd;U_UepLVpI7XZR

delta 229
zcmaDdmHXdR?hPdyc{56Ka~$Ff^$hfkbrhP*H*GK9#CY!$cWQBRVnM1dNOrnm2&0RC
zX&#c0zOFtBU)N9%WI{=Lm2!%aiMfGks)bRSL9%74nNgyJd16YUnNgZ?a*Cyyv4L@l
zd5Te@@pQ*tCb0;AOZ`eGze3M!$D*uYQ%mzqkJKvD497&rlsxk!3w<MFgWw1Y&%EUH
z2*(K1l5kJUh#c3z$iynMz@+?AgW#O}M9Vz0oC-^K(_*uXbko8NugWU-bX(i)flHYt
Gs{#NGnN4y4