❀Notable Pastry Maker

    escape-goat
    TypeScript icon, indicating that this package has built-in type declarations

    4.0.0Β β€’Β PublicΒ β€’Β Published

    escape-goat

    Escape a string for use in HTML or the inverse

    Install

    $ npm install escape-goat
    

    Usage

    import {htmlEscape, htmlUnescape} from 'escape-goat';
    
    htmlEscape('πŸ¦„ & 🐐');
    //=> 'πŸ¦„ & 🐐'
    
    htmlUnescape('πŸ¦„ & 🐐');
    //=> 'πŸ¦„ & 🐐'
    
    htmlEscape('Hello <em>World</em>');
    //=> 'Hello &lt;em&gt;World&lt;/em&gt;'
    
    const url = 'https://sindresorhus.com?x="πŸ¦„"';
    
    htmlEscape`<a href="${url}">Unicorn</a>`;
    //=> '<a href="https://sindresorhus.com?x=&quot;πŸ¦„&quot;">Unicorn</a>'
    
    const escapedUrl = 'https://sindresorhus.com?x=&quot;πŸ¦„&quot;';
    
    htmlUnescape`URL from HTML: ${escapedUrl}`;
    //=> 'URL from HTML: https://sindresorhus.com?x="πŸ¦„"'

    API

    htmlEscape(string)

    Escapes the following characters in the given string argument: & < > " '

    The function also works as a tagged template literal that escapes interpolated values.

    htmlUnescape(htmlString)

    Unescapes the following HTML entities in the given htmlString argument: &amp; &lt; &gt; &quot; &#39;

    The function also works as a tagged template literal that unescapes interpolated values.

    Tip

    Ensure you always quote your HTML attributes to prevent possible XSS.

    FAQ

    Why yet another HTML escaping package?

    I couldn't find one I liked that was tiny, well-tested, and had both escape and unescape methods.

    Install

    npm i escape-goat

    DownloadsWeekly Downloads

    6,034,194

    Version

    4.0.0

    License

    MIT

    Unpacked Size

    6.28 kB

    Total Files

    5

    Last publish

    Collaborators

    • sindresorhus