rss-feeder-mobilizon/node_modules/escape-goat
2021-01-03 16:39:27 +01:00
..
index.d.ts add new events works, now there are date conversions to make 2021-01-03 16:39:27 +01:00
index.js add new events works, now there are date conversions to make 2021-01-03 16:39:27 +01:00
license add new events works, now there are date conversions to make 2021-01-03 16:39:27 +01:00
package.json add new events works, now there are date conversions to make 2021-01-03 16:39:27 +01:00
readme.md add new events works, now there are date conversions to make 2021-01-03 16:39:27 +01:00

escape-goat

Escape a string for use in HTML or the inverse

Build Status

Install

$ npm install escape-goat

Usage

const {htmlEscape, htmlUnescape} = require('escape-goat');

htmlEscape('🦄 & 🐐');
//=> '🦄 & 🐐'

htmlUnescape('🦄 & 🐐');
//=> '🦄 & 🐐'

htmlEscape('Hello <em>World</em>');
//=> 'Hello &lt;em&gt;World&lt;/em&gt;'

const url = 'https://sindresorhus.com?x="🦄"';

htmlEscape`<a href="${url}">Unicorn</a>`;
//=> '<a href="https://sindresorhus.com?x=&quot;🦄&quot;">Unicorn</a>'

const escapedUrl = 'https://sindresorhus.com?x=&quot;🦄&quot;';

htmlUnescape`URL from HTML: ${url}`;
//=> 'URL from HTML: https://sindresorhus.com?x="🦄"'

API

htmlEscape(string)

Escapes the following characters in the given string argument: & < > " '

The function also works as a tagged template literal that escapes interpolated values.

htmlUnescape(htmlString)

Unescapes the following HTML entities in the given htmlString argument: &amp; &lt; &gt; &quot; &#39;

The function also works as a tagged template literal that unescapes interpolated values.

Tip

Ensure you always quote your HTML attributes to prevent possible XSS.

FAQ

Why yet another HTML escaping package?

I couldn't find one I liked that was tiny, well-tested, and had both .escape() and .unescape().