Skip to content

DubFriend/xss-escape

Repository files navigation

#xss-escape

Escapes strings for safe insertion into html, and helps prevents cross site scripting attacks.

xss-escape escapes the following characters to their respective html character codes.

  • & -> &
  • < -> &lt;
  • > -> &gt;
  • " -> &quot;
  • ' -> &#x27;
  • / -> &#x2F;
  • Note that xss-escape only protects data being used in the body of html elements. It does not protect in other contexts such as html attribute or url contexts.

##In NodeJS npm install xss-escape

var xssEscape = require('xss-escape');
var escapedString = xssEscape(unsafeString);

##In the Browser

<script src="path/to/xss-escape.js"></script>
<script>
    var escapedString = xssEscape(unsafeString);
</script>

##Can be used with nested objects or arrays.

var escapedObject = xssEscape({ a: 'foo', [{ b: 'bar' }, 'baz' ] });

##Run Tests While in the project's root directory.

  • npm install
  • nodeunit test.js

or run tests on every file save.

  • grunt watch

##Run Benchmarks While in the project's root directory run.

  • npm install
  • grunt benchmark

About

Escapes content for prevention of XSS attacks.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published