safe-string

Escapes HTML characters and JavaScript line terminators

Adapted from serialize-javascript.

The use case of this module is to safely embed content into a <script> element within an HTML document.

Usage

const safeString = require('safe-string');

const string = JSON.stringify({foo: '</script>'});
// => '{"foo":"</script>"}'

const escaped = safeString(string);
// => '{"foo":"\u003C\u002Fscript\u003E"}'

const html = `<script type="application/json">${escaped}</script>`;
// => '<script type="application/json">{"foo":"\u003C\u002Fscript\u003E"}</script>'

const parsed = JSON.parse(escaped);
// => {foo: '</script>'}

See Also

• https://github.com/yahoo/serialize-javascript
• https://github.com/mapbox/safer-stringify