61 lines
1.7 KiB
Plaintext
61 lines
1.7 KiB
Plaintext
<h1>
|
|
<img src="logo.jpg" width="1280" alt="escape-goat">
|
|
</h1>
|
|
|
|
> Escape a string for use in HTML or the inverse
|
|
|
|
## Install
|
|
|
|
```
|
|
$ npm install escape-goat
|
|
```
|
|
|
|
## Usage
|
|
|
|
```js
|
|
import {htmlEscape, htmlUnescape} from 'escape-goat';
|
|
|
|
htmlEscape('🦄 & 🐐');
|
|
//=> '🦄 & 🐐'
|
|
|
|
htmlUnescape('🦄 & 🐐');
|
|
//=> '🦄 & 🐐'
|
|
|
|
htmlEscape('Hello <em>World</em>');
|
|
//=> 'Hello <em>World</em>'
|
|
|
|
const url = 'https://sindresorhus.com?x="🦄"';
|
|
|
|
htmlEscape`<a href="${url}">Unicorn</a>`;
|
|
//=> '<a href="https://sindresorhus.com?x="🦄"">Unicorn</a>'
|
|
|
|
const escapedUrl = 'https://sindresorhus.com?x="🦄"';
|
|
|
|
htmlUnescape`URL from HTML: ${escapedUrl}`;
|
|
//=> 'URL from HTML: https://sindresorhus.com?x="🦄"'
|
|
```
|
|
|
|
## API
|
|
|
|
### htmlEscape(string)
|
|
|
|
Escapes the following characters in the given `string` argument: `&` `<` `>` `"` `'`
|
|
|
|
The function also works as a [tagged template literal](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Template_literals#Tagged_template_literals) that escapes interpolated values.
|
|
|
|
### htmlUnescape(htmlString)
|
|
|
|
Unescapes the following HTML entities in the given `htmlString` argument: `&` `<` `>` `"` `'`
|
|
|
|
The function also works as a [tagged template literal](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Template_literals#Tagged_template_literals) that unescapes interpolated values.
|
|
|
|
## Tip
|
|
|
|
Ensure you always quote your HTML attributes to prevent possible [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting).
|
|
|
|
## FAQ
|
|
|
|
### Why yet another HTML escaping package?
|
|
|
|
I couldn't find one I liked that was tiny, well-tested, and had both escape and unescape methods.
|