$ npm install html-escape
Escape a string to be safe for use in html. &
, <
, '
, and "
characters are replaced with with their named character references:
&
, <
, '
, and "
. Escaped strings will be safe
for use in the following contexts:
<script>
and <style>
)'
"
var escape = require("html-escape");
var xssAttempt = "Hello <script>while(1);</script> world!";
// Output safe html
console.log("<p>" + escape(xssAttempt) + "</p>");
// "<p>Hello <script>while(1);</script> world!</p>"
npm install html-escape
© 2010 - cnpmjs.org x YWFE | Home | YWFE