Package Exports
- xss-escape
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (xss-escape) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
#xss-escape
Escapes strings for safe insertion into html, and helps prevents cross site scripting attacks.
xss-escape escapes the following characters to their respective html character codes.
- & -> &
- < -> <
- > -> >
- " -> "
- ' -> '
- / -> /
- Note that xss-escape only protects data being used in the body of html elements. It does not protect in other contexts such as html attribute or url contexts.
##In NodeJS
npm install xss-escape
var xssEscape = require('xss-escape');
var escapedString = xssEscape(unsafeString);##In the Browser
<script src="path/to/xss-escape.js"></script>
<script>
var escapedString = xssEscape(unsafeString);
</script>##Can be used with nested objects or arrays.
var escapedObject = xssEscape({ a: 'foo', [{ b: 'bar' }, 'baz' ] });##Run Tests While in the project's root directory.
npm installnodeunit test.js
or run tests on every file save.
grunt watch
##Run Benchmarks While in the project's root directory run.
npm installgrunt benchmark