/**

 * Copyright (c) Meta Platforms, Inc. and affiliates.

 *

 * This source code is licensed under the MIT license found in the

 * LICENSE file in the root directory of this source tree.

 *

 * Based on the escape-html library, which is used under the MIT License below:

 *

 * Copyright (c) 2012-2013 TJ Holowaychuk

 * Copyright (c) 2015 Andreas Lubbe

 * Copyright (c) 2015 Tiancheng "Timothy" Gu

 *

 * Permission is hereby granted, free of charge, to any person obtaining

 * a copy of this software and associated documentation files (the

 * 'Software'), to deal in the Software without restriction, including

 * without limitation the rights to use, copy, modify, merge, publish,

 * distribute, sublicense, and/or sell copies of the Software, and to

 * permit persons to whom the Software is furnished to do so, subject to

 * the following conditions:

 *

 * The above copyright notice and this permission notice shall be

 * included in all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,

 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY

 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,

 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE

 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

 *

 * @flow

 */

// code copied and modified from escape-html

/**

 * Module variables.

 * @private

 */

import {checkHtmlStringCoercion} from 'shared/CheckStringCoercion';

const matchHtmlRegExp = /["'&<>]/;

/**

 * Escapes special characters and HTML entities in a given html string.

 *

 * @param  {string} string HTML string to escape for later insertion

 * @return {string}

 * @public

 */

function escapeHtml(string: string) {

  if (__DEV__) {

    checkHtmlStringCoercion(string);

  }

  const str = '' + string;

  const match = matchHtmlRegExp.exec(str);

  if (!match) {

    return str;

  }

  let escape;

  let html = '';

  let index;

  let lastIndex = 0;

  for (index = match.index; index < str.length; index++) {

    switch (str.charCodeAt(index)) {

      case 34: // "

        escape = '"';

        break;

      case 38: // &

        escape = '&';

        break;

      case 39: // '

        escape = '''; // modified from escape-html; used to be '&#39'

        break;

      case 60: // <

        escape = '<';

        break;

      case 62: // >

        escape = '>';

        break;

      default:

        continue;

    }

    if (lastIndex !== index) {

      html += str.slice(lastIndex, index);

    }

    lastIndex = index + 1;

    html += escape;

  }

  return lastIndex !== index ? html + str.slice(lastIndex, index) : html;

}

// end code copied and modified from escape-html

/**

 * Escapes text to prevent scripting attacks.

 *

 * @param {*} text Text value to escape.

 * @return {string} An escaped string.

 */

function escapeTextForBrowser(text: string | number | boolean): string {

  if (typeof text === 'boolean' || typeof text === 'number') {

    // this shortcircuit helps perf for types that we know will never have

    // special characters, especially given that this function is used often

    // for numeric dom ids.

    return '' + (text: any);

  }

  return escapeHtml(text);

}

export default escapeTextForBrowser;