chrisdrakeford 9c87c1307d first commit | 3 年 前 | |
---|---|---|
.. | ||
index.d.ts | 3 年 前 | |
index.js | 3 年 前 | |
license | 3 年 前 | |
package.json | 3 年 前 | |
readme.md | 3 年 前 |
Escape a string for use in HTML or the inverse
$ npm install escape-goat
const {htmlEscape, htmlUnescape, htmlEscapeTag, htmlUnescapeTag} = require('escape-goat');
htmlEscape('🦄 & 🐐');
//=> '🦄 & 🐐'
htmlUnescape('🦄 & 🐐');
//=> '🦄 & 🐐'
htmlEscape('Hello <em>World</em>');
//=> 'Hello <em>World</em>'
const url = 'https://sindresorhus.com?x="🦄"';
htmlEscapeTag`<a href="${url}">Unicorn</a>`;
//=> '<a href="https://sindresorhus.com?x="🦄"">Unicorn</a>'
const escapedUrl = 'https://sindresorhus.com?x="🦄"';
htmlUnescapeTag`URL from HTML: ${url}`;
//=> 'URL from HTML: https://sindresorhus.com?x="🦄"'
Escapes the following characters in the given string
argument: &
<
>
"
'
Unescapes the following HTML entities in the given htmlString
argument: &
<
>
"
'
Tagged template literal that escapes interpolated values.
Tagged template literal that unescapes interpolated values.
Ensure you always quote your HTML attributes to prevent possible XSS.
I couldn't find one I liked that was tiny, well-tested, and had both .escape()
and .unescape()
.
MIT © Sindre Sorhus