Merge pull request #804 from plotly/entity-decode-performance

scjody · web-flow · commit 53d054e94a32 · 2016-08-02T12:16:52.000-04:00
Remove HTML entity decoding from convertToSVG
diff --git a/src/lib/svg_text_utils.js b/src/lib/svg_text_utils.js
@@ -252,8 +252,7 @@ function encodeForHTML(_str) {
 }
 
 function convertToSVG(_str) {
-    var htmlEntitiesDecoded = Plotly.util.html_entity_decode(_str);
-    var result = htmlEntitiesDecoded
+    var result = _str
         .split(/(<[^<>]*>)/).map(function(d) {
             var match = d.match(/<(\/?)([^ >]*)\s*(.*)>/i),
                 tag = match && match[2].toLowerCase(),
diff --git a/src/plots/cartesian/axes.js b/src/plots/cartesian/axes.js
@@ -1053,7 +1053,8 @@ function formatLinear(ax, out, hover, extraPrecision, hideexp) {
 // new, more reliable procedure than d3.round or similar:
 // add half the rounding increment, then stringify and truncate
 // also automatically switch to sci. notation
-var SIPREFIXES = ['f', 'p', 'n', '&mu;', 'm', '', 'k', 'M', 'G', 'T'];
+var SIPREFIXES = ['f', 'p', 'n', 'μ', 'm', '', 'k', 'M', 'G', 'T'];
+
 function numFormat(v, ax, fmtoverride, hover) {
         // negative?
     var isNeg = v < 0,
@@ -1144,7 +1145,7 @@ function numFormat(v, ax, fmtoverride, hover) {
             v += 'E' + signedExponent;
         }
         else if(exponentFormat === 'power') {
-            v += '&times;10<sup>' + signedExponent + '</sup>';
+            v += '×10<sup>' + signedExponent + '</sup>';
         }
         else if(exponentFormat === 'B' && exponent === 9) {
             v += 'B';
diff --git a/src/plots/cartesian/graph_interact.js b/src/plots/cartesian/graph_interact.js
@@ -695,7 +695,7 @@ function cleanPoint(d, hovermode) {
             d.xLabel += ' +' + xeText + ' / -' +
                 Axes.tickText(d.xa, d.xa.c2l(d.xerrneg), 'hover').text;
         }
-        else d.xLabel += ' &plusmn; ' + xeText;
+        else d.xLabel += ' ± ' + xeText;
 
         // small distance penalty for error bars, so that if there are
         // traces with errors and some without, the error bar label will
@@ -708,7 +708,7 @@ function cleanPoint(d, hovermode) {
             d.yLabel += ' +' + yeText + ' / -' +
                 Axes.tickText(d.ya, d.ya.c2l(d.yerrneg), 'hover').text;
         }
-        else d.yLabel += ' &plusmn; ' + yeText;
+        else d.yLabel += ' ± ' + yeText;
 
         if(hovermode === 'y') d.distance += 1;
     }
diff --git a/test/image/mocks/axes_enumerated_ticks.json b/test/image/mocks/axes_enumerated_ticks.json
@@ -33,7 +33,7 @@
         "xaxis": {
             "ticktext": [
                 "<span style=\"fill:green\">green</span> eggs",
-                "&amp; ham",
+                "& ham",
                 "H<sub>2</sub>O",
                 "Gorgonzola"
             ],
@@ -47,4 +47,4 @@
             ]
         }
     }
-}
+}
diff --git a/test/jasmine/tests/svg_text_utils_test.js b/test/jasmine/tests/svg_text_utils_test.js
@@ -121,33 +121,34 @@ describe('svg+text utils', function() {
         });
 
         it('wrap XSS attacks in href', function() {
-            var textCases = [
-                '<a href="XSS\" onmouseover=&quot;alert(1)\" style=&quot;font-size:300px">Subtitle</a>',
-                '<a href="XSS&quot; onmouseover=&quot;alert(1)&quot; style=&quot;font-size:300px">Subtitle</a>'
-            ];
+            var node = mockTextSVGElement(
+                '<a href="XSS" onmouseover="alert(1)" style="font-size:300px">Subtitle</a>'
+            );
 
-            textCases.forEach(function(textCase) {
-                var node = mockTextSVGElement(textCase);
+            expect(node.text()).toEqual('Subtitle');
+            assertAnchorAttrs(node);
+            assertAnchorLink(node, 'XSS onmouseover=alert(1) style=font-size:300px');
+        });
 
-                expect(node.text()).toEqual('Subtitle');
-                assertAnchorAttrs(node);
-                assertAnchorLink(node, 'XSS onmouseover=alert(1) style=font-size:300px');
-            });
+        it('wrap XSS attacks with quoted entities in href', function() {
+            var node = mockTextSVGElement(
+                '<a href="XSS&quot; onmouseover=&quot;alert(1)&quot; style=&quot;font-size:300px">Subtitle</a>'
+            );
+
+            console.log(node.select('a').attr('xlink:href'));
+            expect(node.text()).toEqual('Subtitle');
+            assertAnchorAttrs(node);
+            assertAnchorLink(node, 'XSS&quot; onmouseover=&quot;alert(1)&quot; style=&quot;font-size:300px');
         });
 
         it('should keep query parameters in href', function() {
-            var textCases = [
-                '<a href="https://abc.com/myFeature.jsp?name=abc&pwd=def">abc.com?shared-key</a>',
-                '<a href="https://abc.com/myFeature.jsp?name=abc&amp;pwd=def">abc.com?shared-key</a>'
-            ];
-
-            textCases.forEach(function(textCase) {
-                var node = mockTextSVGElement(textCase);
+            var node = mockTextSVGElement(
+                '<a href="https://abc.com/myFeature.jsp?name=abc&pwd=def">abc.com?shared-key</a>'
+            );
 
-                assertAnchorAttrs(node);
-                expect(node.text()).toEqual('abc.com?shared-key');
-                assertAnchorLink(node, 'https://abc.com/myFeature.jsp?name=abc&pwd=def');
-            });
+            assertAnchorAttrs(node);
+            expect(node.text()).toEqual('abc.com?shared-key');
+            assertAnchorLink(node, 'https://abc.com/myFeature.jsp?name=abc&pwd=def');
         });
 
         it('allow basic spans', function() {

Original file line number	Diff line number	Diff line change
`@@ -252,8 +252,7 @@ function encodeForHTML(_str) {`
`252`	`252`	`}`
`253`	`253`
`254`	`254`	`function convertToSVG(_str) {`
`255`		`- var htmlEntitiesDecoded = Plotly.util.html_entity_decode(_str);`
`256`		`- var result = htmlEntitiesDecoded`
	`255`	`+ var result = _str`
`257`	`256`	`.split(/(<[^<>]*>)/).map(function(d) {`
`258`	`257`	`var match = d.match(/<(\/?)([^ >])\s(.*)>/i),`
`259`	`258`	`tag = match && match[2].toLowerCase(),`
Original file line number	Diff line number	Diff line change
`@@ -695,7 +695,7 @@ function cleanPoint(d, hovermode) {`
`695`	`695`	`d.xLabel += ' +' + xeText + ' / -' +`
`696`	`696`	`Axes.tickText(d.xa, d.xa.c2l(d.xerrneg), 'hover').text;`
`697`	`697`	`}`
`698`		`- else d.xLabel += ' ± ' + xeText;`
	`698`	`+ else d.xLabel += ' ± ' + xeText;`
`699`	`699`
`700`	`700`	`// small distance penalty for error bars, so that if there are`
`701`	`701`	`// traces with errors and some without, the error bar label will`
`@@ -708,7 +708,7 @@ function cleanPoint(d, hovermode) {`
`708`	`708`	`d.yLabel += ' +' + yeText + ' / -' +`
`709`	`709`	`Axes.tickText(d.ya, d.ya.c2l(d.yerrneg), 'hover').text;`
`710`	`710`	`}`
`711`		`- else d.yLabel += ' ± ' + yeText;`
	`711`	`+ else d.yLabel += ' ± ' + yeText;`
`712`	`712`
`713`	`713`	`if(hovermode === 'y') d.distance += 1;`
`714`	`714`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@`
`33`	`33`	`"xaxis": {`
`34`	`34`	`"ticktext": [`
`35`	`35`	`"<span style=\"fill:green\">green</span> eggs",`
`36`		`- "& ham",`
	`36`	`+ "& ham",`
`37`	`37`	`"H<sub>2</sub>O",`
`38`	`38`	`"Gorgonzola"`
`39`	`39`	`],`
`@@ -47,4 +47,4 @@`
`47`	`47`	`]`
`48`	`48`	`}`
`49`	`49`	`}`
`50`		`-}`
	`50`	`+}`