@enzoaicardi/htmlspecialchars
v1.0.0
A utility function for typing html special characters
htmlspecialchars.js
List of all exports
- [x] htmlspecialchars
Usage
htmlspecialchars is useful when you need to insert HTML securely as text. The same function can also be used for HTML attribute values.
Only the following characters are escaped: & < > " ' and backticks. If you want to escape all HTML entities, choose a package such as html-entities.
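```js
import { htmlspecialchars } from "@enzoaicardi/htmlspecialchars";

const unsafeHtmlString = `<img onload="alert('XSS')" />`;
// the export is all lowercase: htmlspecialchars, not htmlSpecialChars
const sanitizedHtmlString = htmlspecialchars(unsafeHtmlString);
console.log(sanitizedHtmlString);
// logs the markup with < > " and ' replaced by HTML entities, so a browser shows it as text
```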
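As an added example (not part of the package's README or source), a tagged template that applies this kind of escaping to every interpolated value, for text and for quoted attribute values. `escapeHtml` is a stand-in written for this example that covers the same six characters; its entity spellings and the names `html`, `renderComment` and `sample` are assumptions.

```javascript
// Stand-in for the package's function so the example runs offline. It covers
// the same six characters the README lists; the entity spellings are assumed.
const ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#39;", "`": "&#96;",
};

function escapeHtml(value) {
  // One pass over the input, so the "&" of an emitted entity is never re-escaped.
  return String(value).replace(/[&<>"'`]/g, (ch) => ENTITIES[ch]);
}

// Tagged template: the literal parts are markup written by the developer,
// every interpolated value is treated as untrusted text and escaped.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((value, i) => {
    const text = value === null || value === undefined ? "" : value;
    out += escapeHtml(text) + strings[i + 1];
  });
  return out;
}

function renderComment(comment) {
  // The attribute value stays inside double quotes. This escaping does not
  // cover unquoted attributes, URLs, or <script> and <style> contents.
  return html`<p title="${comment.author}">${comment.body}</p>`;
}

// Constructed sample input: a display name containing quotes and an ampersand,
// and the README's markup string as the comment body.
const sample = {
  author: `Dana "DJ" O'Brien & Co`,
  body: `<img onload="alert('XSS')" />`,
};

console.log(renderComment(sample));
```

Input that already contains an entity, such as `&lt;`, comes out as `&amp;lt;`, so the browser displays exactly the characters that were submitted.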
Installations
The htmlspecialchars package is available as an ES module, an IIFE and a CommonJS module.
NPM Package
```sh
npm install @enzoaicardi/htmlspecialchars
```

```js
import { htmlspecialchars } from "@enzoaicardi/htmlspecialchars"; // es modules
const { htmlspecialchars } = require("@enzoaicardi/htmlspecialchars"); // commonjs modules
```
CDN import
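```js
// es modules
import { htmlspecialchars } from "https://cdn.jsdelivr.net/npm/@enzoaicardi/htmlspecialchars@latest/esm/htmlspecialchars.js";
```

```html
<!-- iife function execution -->
<script src="https://cdn.jsdelivr.net/npm/@enzoaicardi/htmlspecialchars@latest/iife/htmlspecialchars.js"></script>
<script>
// global object destructuring: the global object and its export share a name,
// so the function is bound to a local alias (escapeHtml is an arbitrary name)
// instead of redeclaring htmlspecialchars
const { htmlspecialchars: escapeHtml } = htmlspecialchars;
</script>
```

Both URLs use @latest, which resolves to whatever version is newest at load time; pin an exact version (this page documents v1.0.0) to keep the loaded code from changing between page loads.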