chore: fix code scanning alerts (DevExpress#26510)

dxrobot · Jan 26, 2024 · 60d187a · 60d187a
1 parent 1194eb9
commit 60d187a
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/js/core/utils/string.js b/js/core/utils/string.js
@@ -73,7 +73,7 @@ export function format(template, ...values) {
 
 export const replaceAll = (function() {
     const quote = function(str) {
-        return (str + '').replace(/([+*?.[^\]$(){}><|=!:])/g, '\\$1'); // lgtm[js/incomplete-sanitization]
+        return (str + '').replace(/([\\+*?.[^\]$(){}><|=!:])/g, '\\$1');
     };
 
     return function(text, searchToken, replacementToken) {

diff --git a/js/localization/ldml/number.js b/js/localization/ldml/number.js
@@ -210,7 +210,7 @@ function getFormatByValueText(valueText, formatter, isPercent, isNegative) {
     format = format.replace(/1+/, '1').replace(/1/g, '#');
 
     if(!isPercent) {
-        format = format.replace('%', '\'%\''); // lgtm[js/incomplete-sanitization]
+        format = format.replace(/%/g, '\'%\'');
     }
 
     return format;

diff --git a/testing/tests/DevExpress.core/utils.string.tests.js b/testing/tests/DevExpress.core/utils.string.tests.js
@@ -7,6 +7,7 @@ QUnit.test('replace all case insensitive', function(assert) {
     assert.strictEqual(stringUtils.replaceAll('test sentence', 'test', '<b>$1</b>'), '<b>test</b> sentence', 'replacement token $1');
     assert.strictEqual(stringUtils.replaceAll('Test sentence', 'test', '<b>$1</b>'), '<b>Test</b> sentence', 'Replacement for different case');
     assert.strictEqual(stringUtils.replaceAll('Test sentence test', 'test', '<b>$1</b>'), '<b>Test</b> sentence <b>test</b>', 'Multiple replacements');
+    assert.strictEqual(stringUtils.replaceAll('test sentence', 'test', '\\$1\\'), '\\test\\ sentence', 'backslash escaped correctly');
 });
 
 QUnit.test('stringFormat', function(assert) {