xss-escape
v0.0.6
Published
Escapes content for prevention of XSS (Cross Site Scripting) attacks.
Downloads
1,080
Maintainers
Readme
#xss-escape
Escapes strings for safe insertion into html, and helps prevents cross site scripting attacks.
xss-escape escapes the following characters to their respective html character codes.
- & -> &
- < -> <
- > -> >
- " -> "
- ' -> '
- / -> /
- Note that xss-escape only protects data being used in the body of html elements. It does not protect in other contexts such as html attribute or url contexts.
##In NodeJS
npm install xss-escape
var xssEscape = require('xss-escape');
var escapedString = xssEscape(unsafeString);
##In the Browser
<script src="path/to/xss-escape.js"></script>
<script>
var escapedString = xssEscape(unsafeString);
</script>
##Can be used with nested objects or arrays.
var escapedObject = xssEscape({ a: 'foo', [{ b: 'bar' }, 'baz' ] });
##Run Tests While in the project's root directory.
npm install
nodeunit test.js
or run tests on every file save.
grunt watch
##Run Benchmarks While in the project's root directory run.
npm install
grunt benchmark