Drift

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

History

Max Leiter 208ba42c0e Initial commit		3 years ago
..
index.d.ts	Initial commit	3 years ago
index.js	Initial commit	3 years ago
license	Initial commit	3 years ago
package.json	Initial commit	3 years ago
readme.md	Initial commit	3 years ago

readme.md

Escape a string for use in HTML or the inverse

Install

$ npm install escape-goat

Usage

const {htmlEscape, htmlUnescape, htmlEscapeTag, htmlUnescapeTag} = require('escape-goat');

htmlEscape('🦄 & 🐐');
//=> '🦄 &amp; 🐐'

htmlUnescape('🦄 &amp; 🐐');
//=> '🦄 & 🐐'

htmlEscape('Hello <em>World</em>');
//=> 'Hello &lt;em&gt;World&lt;/em&gt;'

const url = 'https://sindresorhus.com?x="🦄"';

htmlEscapeTag`<a href="${url}">Unicorn</a>`;
//=> '<a href="https://sindresorhus.com?x=&quot;🦄&quot;">Unicorn</a>'

const escapedUrl = 'https://sindresorhus.com?x=&quot;🦄&quot;';

htmlUnescapeTag`URL from HTML: ${url}`;
//=> 'URL from HTML: https://sindresorhus.com?x="🦄"'

API

htmlEscape(string)

Escapes the following characters in the given string argument: & < > " '

htmlUnescape(htmlString)

Unescapes the following HTML entities in the given htmlString argument: & < > " '

htmlEscapeTag

Tagged template literal that escapes interpolated values.

htmlUnescapeTag

Tagged template literal that unescapes interpolated values.

Tip

Ensure you always quote your HTML attributes to prevent possible XSS.

FAQ

Why yet another HTML escaping package?

I couldn't find one I liked that was tiny, well-tested, and had both .escape() and .unescape().