&🐐; Escape a string for use in HTML or the inverse
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.editorconfig
.gitattributes
.gitignore
.travis.yml
index.js
license
logo.jpg
package.json
readme.md Readme tweaks Jul 21, 2017
test.js

readme.md

escape-goat

Escape a string for use in HTML or the inverse

Build Status

Install

$ npm install escape-goat

Usage

const escapeGoat = require('escape-goat');

escapeGoat.escape('πŸ¦„ & 🐐');
//=> 'πŸ¦„ & 🐐'

escapeGoat.unescape('πŸ¦„ & 🐐');
//=> 'πŸ¦„ & 🐐'

escapeGoat.escape('Hello <em>World</em>');
//=> 'Hello &lt;em&gt;World&lt;/em&gt;'

const url = 'https://sindresorhus.com?x="πŸ¦„"';
escapeGoat.escapeTag`<a href="${url}">Unicorn</a>`;
//=> '<a href="https://sindresorhus.com?x=&quot;πŸ¦„&quot;">Unicorn</a>'

API

escapeGoat.escape(input)

Escapes the following characters in the given input string: & < > " '

escapeGoat.unescape(input)

Unescapes the following HTML entities in the given input string: &amp; &lt; &gt; &quot; &#39;

escapeGoat.escapeTag

Tagged template literal that escapes interpolated values.

escapeGoat.unescapeTag

Tagged template literal that unescapes interpolated values.

Tip

Ensure you always quote your HTML attributes to prevent possible XSS.

FAQ

Why yet another HTML escaping package?

I couldn't find one I liked that was tiny, well-tested, and had both .escape() and .unescape().

License

MIT Β© Sindre Sorhus