From d32c1b2500fe62205bb06d86cb072644faf7ffdd Mon Sep 17 00:00:00 2001
From: maliming
Date: Fri, 19 Mar 2021 20:44:52 +0800
Subject: [PATCH] Create a method to escape HTML in JavaScript.

---
 npm/packs/core/src/abp.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/npm/packs/core/src/abp.js b/npm/packs/core/src/abp.js
index 9405310771..c267fc151f 100644
--- a/npm/packs/core/src/abp.js
+++ b/npm/packs/core/src/abp.js
@@ -684,6 +684,13 @@ var abp = abp || {};
 document.cookie = cookieValue;
 }

+ /**
+ * Escape HTML to help prevent XSS attacks.
+ */
+ abp.utils.htmlEscape = function (html) {
+ return typeof html === 'string' ? html.replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"') : html;
+ }
+
 /* SECURITY ***************************************/
 abp.security = abp.security || {};
 abp.security.antiForgery = abp.security.antiForgery || {};
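Review bot: The replace chain in `abp.utils.htmlEscape` has no step for the single quote, so the returned string is still unsafe when a caller places it inside a single-quoted attribute value; appending `.replace(/'/g, '&#39;')` to the chain would close that gap. The replacement strings on this page look damaged by entity decoding (`'&'`, `replace(//g, '>')`), so the `&` and `<` steps are presumably correct in the real file but cannot be confirmed from what is shown here. Non-string input is returned unchanged, which means an object whose string form contains markup passes through unescaped once the caller concatenates it; coercing with `String(html)` for non-null values is worth considering. The doc comment should state the scope, for example `Escapes &, <, >, " and ' for HTML text and quoted attribute values only; not sufficient for script, URL or unquoted-attribute contexts.`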