npm
Sign UpSign In

great-escape

0.1.1 • Public • Published

great-escape

A small nodejs module for HTML character escaping

Will escape the following characters: &, <, >, ", ', `, , !, @, $, %, (, ), =, +, {, }, [, and ]

Installation

npm install great-escape --save

Usage

var greatEscape = require('great-escape');
escape = greateEscape.escape;
var html = '<h1>Hello World</h1>', escaped = escape(html);
console.log('html', html, 'escaped', escaped);

Tests

npm test

Contributing

In lieu of a formal styleguide, take care to maintain the existing coding style. Add unit tests for any new or changed functionality. Lint and test your code.

Release History

  • 0.1.0 Initial release

Disclaimer

All of the characters listed above can be used to break out of an unquoted HTML attribute value. Even if you escape all of them, you’re still a subject to potential attacks. It boils down to a matter of context. This module doesn't cover cases like inserting user input into the body of an inline

Readme

Keywords

Package Sidebar

Install

npm i great-escape

Repository

github.com/beanilsson/great-escape

Homepage

github.com/beanilsson/great-escape#readme

Weekly Downloads

1

Version

0.1.1

License

GPL-3.0

Last publish

Collaborators

  • beanilsson
Try on RunKit
Report malware