Package Exports
- html-escape
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (html-escape) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
html-escape
Escape a string to be safe for use in html. &, <, ', and "
characters are replaced with with their named character references:
&, <, ', and ". Escaped strings will be safe
for use in the following contexts:
- RCDATA and DATA (content of all elements except for
<script>and<style>) - Single-quoted attribute values
' - Double-quoted attribute values
"
Example
var escape = require("html-escape");
var xssAttempt = "Hello <script>while(1);</script> world!";
// Output safe html
console.log("<p>" + escape(xssAttempt) + "</p>");
// "<p>Hello <script>while(1);</script> world!</p>"Installation
npm install html-escape