html-escape

Escape reserved HTML characters

html-escape

html-escape

Escape scape a string to be safe for use in HTML. All five reserved characters (&<>'") are escaped.

Example

var escape = require("html-escape");
 
var xss = "Hello <script>while(1);</script> world!";
 
// Produce html that could be safely used 
console.log("<p>" + escape(xss) + "</p>");

Installation

npm install html-escape