You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Escape special characters in the given string of text, such that it can be
interpolated in HTML content.
This function will escape the following characters: ", ', &, <, and
>.
Note that the escaped value is only suitable for being interpolated into
HTML as the text content of elements in which the tag does not have different
escaping mechanisms (it cannot be placed inside <style> or <script>, for
example, as those content bodies are not HTML, but CSS and JavaScript,
respectively; these are known as "raw text elements" in the HTML standard).
Note when using the escaped value within a tag, it is only suitable as
the value of an attribute, where the value is quoted with either a double
quote character (") or a single quote character (').
Example
The escapeHtml function is designed to accept a string input of text and
return an escaped value to interpolate into HTML.
varescapeHtml=require('escape-html')// example valuesvardesc='I <b>think</b> this is good.'varfullName='John "Johnny" Smith'// example passing in text into a html attributeconsole.dir('<input name="full_name" value="'+escapeHtml(fullName)+'">')// -> '<input name="full_name" value="John "Johnny" Smith">'// example passing in text in html bodyconsole.dir('<textarea name="desc">'+escapeHtml(desc)+'</textarea>')// -> '<textarea name="desc">I <b>think</b> this is good.</textarea>'
Benchmark
$ npm run-script bench
> escape-html@1.0.3 bench nodejs-escape-html
> node benchmark/index.js
http_parser@1.0
node@0.10.33
v8@3.14.5.9
ares@1.9.0-DEV
uv@0.10.29
zlib@1.2.3
modules@11
openssl@1.0.1j
1 test completed.
2 tests completed.
3 tests completed.
no special characters x 19,435,271 ops/sec ±0.85% (187 runs sampled)
single special character x 6,132,421 ops/sec ±0.67% (194 runs sampled)
many special characters x 3,175,826 ops/sec ±0.65% (193 runs sampled)
