escape-goat
v4.0.0
Published
Escape a string for use in HTML or the inverse
Downloads
26,202,748
Maintainers
Readme
Escape a string for use in HTML or the inverse
Install
$ npm install escape-goat
Usage
import {htmlEscape, htmlUnescape} from 'escape-goat';
htmlEscape('π¦ & π');
//=> 'π¦ & π'
htmlUnescape('π¦ & π');
//=> 'π¦ & π'
htmlEscape('Hello <em>World</em>');
//=> 'Hello <em>World</em>'
const url = 'https://sindresorhus.com?x="π¦"';
htmlEscape`<a href="${url}">Unicorn</a>`;
//=> '<a href="https://sindresorhus.com?x="π¦"">Unicorn</a>'
const escapedUrl = 'https://sindresorhus.com?x="π¦"';
htmlUnescape`URL from HTML: ${escapedUrl}`;
//=> 'URL from HTML: https://sindresorhus.com?x="π¦"'
API
htmlEscape(string)
Escapes the following characters in the given string
argument: &
<
>
"
'
The function also works as a tagged template literal that escapes interpolated values.
htmlUnescape(htmlString)
Unescapes the following HTML entities in the given htmlString
argument: &
<
>
"
'
The function also works as a tagged template literal that unescapes interpolated values.
Tip
Ensure you always quote your HTML attributes to prevent possible XSS.
FAQ
Why yet another HTML escaping package?
I couldn't find one I liked that was tiny, well-tested, and had both escape and unescape methods.