Escape string to be safe for use in html
JavaScript
Switch branches/tags
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.gitignore
README.md
index.js
package.json 2.0.0 Apr 20, 2016
test.js

README.md

html-escape

Escape a string to be safe for use in html. &, <, ', and " characters are replaced with with their named character references: &amp;, &lt;, &apos;, and &quot;. Escaped strings will be safe for use in the following contexts:

Example

var escape = require("html-escape");
var xssAttempt = "Hello <script>while(1);</script> world!";
// Output safe html
console.log("<p>" + escape(xssAttempt) + "</p>");
// "<p>Hello &lt;script>while(1);&lt;/script> world!</p>"

Installation

npm install html-escape