Regexes safely escaped. Renamed MDSpreadsheetBlockReader

js/markdown.js

@@ -449,6 +449,44 @@ class MDUtils {
 		}
 		return a == b;
 	}
+
+	/**
+	 * @param {string} text
+	 */
+	static escapeRegex(text) {
+		// Partially following escaping scheme from not-yet-widely-supported RegExp.escape.
+		// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/RegExp/escape
+		const escapeHex = function(ch) {
+			const codepoint = ch.codePointAt(0);
+			const s = '00' + codepoint.toString(16);
+			return `\\x${s.substring(s.length - 2)}`;
+		}
+		var escaped = '';
+		const l = text.length;
+		for (var i = 0; i < l; i++) {
+			const ch = text.substring(i, i + 1);
+			if (i == 0 && /[a-zA-Z0-9]/.exec(ch)) {
+				escaped += escapeHex(ch);
+			} else if ("^$\\.*+?()[]{}|/".indexOf(ch) >= 0) {
+				escaped += `\\${ch}`;
+			} else if (",-=<>#&!%:;@~'`\"".indexOf(ch) >= 0) {
+				escaped += escapeHex(ch);
+			} else if (ch == '\f') {
+				escaped += "\\f";
+			} else if (ch == '\n') {
+				escaped += "\\n";
+			} else if (ch == '\r') {
+				escaped += "\\r";
+			} else if (ch == '\t') {
+				escaped += "\\t";
+			} else if (ch == '\v') {
+				escaped += "\\v";
+			} else {
+				escaped += ch;
+			}
+		}
+		return escaped;
+	}
 }
 
 
@@ -3224,9 +3262,8 @@ class MDState {
 			this.#parent.defineAbbreviation(abbreviation, definition);
 			return;
 		}
-		// FIXME: Escape abbreviation
 		this.#abbreviations[abbreviation] = definition;
-		const regex = new RegExp("\\b(" + abbreviation + ")\\b", "ig");
+		const regex = new RegExp("\\b(" + MDUtils.escapeRegex(abbreviation) + ")\\b", "ig");
 		this.#abbreviationRegexes[abbreviation] = regex;
 	}
 

js/spreadsheet.js

@@ -918,7 +918,7 @@ class CellExpressionSet {
 		if (text === null || search === null || replace === null) {
 			throw new CellEvaluationException("SUBSTITUTE expects 3 string arguments");
 		}
-		const result = text.replaceAll(search, replace); // FIXME: Not case-insensitive
+		const result = text.replace(new RegExp(MDUtils.escapeRegex(search), 'gi'), replace);
 		return CellValue.fromValue(result);
 	}
 
@@ -2891,7 +2891,7 @@ class SpreadsheetCell {
  * post-process step on any tables in the document tree. Must be used with
  * `MDTableBlockReader`. Tables without at least one formula will not be altered.
  */
-class SpreadsheetBlockReader extends MDBlockReader {
+class MDSpreadsheetBlockReader extends MDBlockReader {
 	readBlock(state) {
 		return null;
 	}

markdownjs.html

@@ -86,7 +86,7 @@
 		<script src="js/markdown.js"></script>
 		<script src="js/spreadsheet.js"></script>
 		<script>
-			var parser = new Markdown([ ...Markdown.allBlockReaders, new SpreadsheetBlockReader() ], Markdown.allInlineReaders);
+			var parser = new Markdown([ ...Markdown.allBlockReaders, new MDSpreadsheetBlockReader() ], Markdown.allInlineReaders);
 			function onDocumentLoad() {
 				document.getElementById('markdowninput').addEventListener('input', onMarkdownChange);
 				setTimeout(onMarkdownChange, 0);

spreadsheet.md

@@ -1,6 +1,6 @@
 # Spreadsheet Expressions
 
-Spreadsheet expressions are an optional feature not enabled in the default parser configurations. To enable it, include `spreadsheet.js` and create a `Markdown` instance with a `SpreadsheetBlockReader`.
+Spreadsheet expressions are an optional feature not enabled in the default parser configurations. To enable it, include `spreadsheet.js` and create a `Markdown` instance with a `MDSpreadsheetBlockReader`.
 
 ## Expressions
 

testjs.html

@@ -1212,10 +1212,14 @@
 					this.assertEqual(value.type, CellValue.TYPE_STRING);
 					this.assertEqual(value.formattedValue, 'some text');
 					this.assertEqual(value.value, 'some text');
-					value = CellValue.fromCellString("'123");
+					value = CellValue.fromCellString("'0123");
 					this.assertEqual(value.type, CellValue.TYPE_STRING);
-					this.assertEqual(value.formattedValue, '123');
-					this.assertEqual(value.value, '123');
+					this.assertEqual(value.formattedValue, '0123');
+					this.assertEqual(value.value, '0123');
+					value = CellValue.fromCellString("'=123");
+					this.assertEqual(value.type, CellValue.TYPE_STRING);
+					this.assertEqual(value.formattedValue, '=123');
+					this.assertEqual(value.value, '=123');
 				}
 
 				test_fromCellString_formula() {
@@ -1574,6 +1578,7 @@
 
 				test_func_average() {
 					this._test_simple_formula('=AVERAGE(4, 6, 2, 4)', 4);
+					this._test_simple_formula('=AVERAGE(4, 6, 2, "foo", 4)', 4);
 				}
 
 				test_func_ceiling() {
@@ -1611,6 +1616,7 @@
 
 				test_func_log() {
 					this._test_simple_formula('=LOG(1000, 10)', 3);
+					this._test_simple_formula('=LOG(64, 2)', 6);
 				}
 
 				test_func_lower() {
@@ -1664,6 +1670,8 @@
 
 				test_func_substitute() {
 					this._test_simple_formula('=SUBSTITUTE("cat sat on the mat", "at", "ot")', 'cot sot on the mot');
+					this._test_simple_formula('=SUBSTITUTE("cAt saT on the mat", "at", "ot")', 'cot sot on the mot');
+					this._test_simple_formula('=SUBSTITUTE("c.*t s.*t on the m.*t", ".*t", "ot")', 'cot sot on the mot');
 				}
 
 				test_func_sum() {
@@ -1694,7 +1702,7 @@
 				parser;
 
 				setUp() {
-					this.parser = new Markdown([ ...Markdown.allBlockReaders, new SpreadsheetBlockReader() ], Markdown.allInlineReaders);
+					this.parser = new Markdown([ ...Markdown.allBlockReaders, new MDSpreadsheetBlockReader() ], Markdown.allInlineReaders);
 				}
 
 				md(markdown) {