html-escape

Escape a string to be safe for use in html. &, <, ', and " characters are replaced with with their named character references: &, <, ', and ". Escaped strings will be safe for use in the following contexts:

RCDATA and DATA (content of all elements except for <script> and <style>)
Single-quoted attribute values '
Double-quoted attribute values "

Example

var escape = require("html-escape");
var xssAttempt = "Hello <script>while(1);</script> world!";
// Output safe html
console.log("<p>" + escape(xssAttempt) + "</p>");
// "<p>Hello &lt;script>while(1);&lt;/script> world!</p>"

Installation

npm install html-escape

html-escape

html-escape

Example

Installation

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Last publish

Collaborators

html-escape

html-escape

Example

Installation

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Last publish

Collaborators

Weekly Downloads