Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@wordpress/escape-html
@wordpress/escape-html is a utility package for escaping HTML entities in strings. It helps prevent XSS (Cross-Site Scripting) attacks by converting special characters into their corresponding HTML entities.
Escape HTML
This feature allows you to escape HTML entities in a string, converting special characters like <, >, and & into their corresponding HTML entities.
const { escapeHTML } = require('@wordpress/escape-html');
// Untrusted input that should land in element text, never be parsed as markup.
const unsafeString = '<script>alert("XSS")</script>';
// escapeHTML replaces '&' and '<', the two characters that can open markup
// inside element text; a '>' on its own cannot start a tag there and is left as-is.
const safeString = escapeHTML(unsafeString);
console.log(safeString); // &lt;script>alert("XSS")&lt;/script>
Escape Attribute
This feature allows you to escape HTML attributes, ensuring that special characters are converted to their corresponding HTML entities.
const { escapeAttribute } = require('@wordpress/escape-html');
// Untrusted input destined for a double-quoted attribute value: the '"' would
// otherwise close the value and let the rest be read as new attributes.
const unsafeAttribute = '" onmouseover="alert(1)"';
// escapeAttribute replaces '&', '"' and '>' so the value cannot break out of
// the attribute or the tag; use it for attribute values, escapeHTML for text.
const safeAttribute = escapeAttribute(unsafeAttribute);
console.log(safeAttribute); // &quot; onmouseover=&quot;alert(1)&quot;
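The two snippets above apply different rules because element text and attribute values are parsed differently. The following is an added, self-contained example (not code from the @wordpress/escape-html package) that reimplements those two context rules so they can be run side by side without installing the package; the function names escapeText, escapeAttr, renderLink and textEscaperLeavesQuotes, and the sample inputs, are constructed for this example. It also shows the failure mode a reviewer looks for: a text-context escaper leaves the double quote untouched, so it is not sufficient for attribute values.

```javascript
// Added example, not part of @wordpress/escape-html. Function names and
// sample inputs are assumptions constructed for this demonstration.

// Ampersands that already begin a character reference (&amp; &#39; &#x27;)
// are left alone so that escaping an already-escaped string is a no-op.
const AMPERSAND_NOT_IN_ENTITY = /&(?!([a-z0-9]+|#[0-9]+|#x[a-f0-9]+);)/gi;

// Text context: inside element text only '&' and '<' can open markup,
// so those are the characters that must be escaped there.
function escapeText(value) {
  return String(value)
    .replace(AMPERSAND_NOT_IN_ENTITY, '&amp;')
    .replace(/</g, '&lt;');
}

// Attribute context (double-quoted value): '"' would close the value and
// '&' would start a character reference; '>' is escaped as well so the
// value can never be mistaken for the end of the tag.
function escapeAttr(value) {
  return String(value)
    .replace(AMPERSAND_NOT_IN_ENTITY, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/>/g, '&gt;');
}

// Build one element that carries untrusted data in both positions,
// escaping each value according to the context it lands in.
function renderLink(href, label) {
  return `<a href="${escapeAttr(href)}">${escapeText(label)}</a>`;
}

// Detection helper for code review or tests: true when a text-context
// escaper would leave a quote that could terminate an attribute value.
function textEscaperLeavesQuotes(value) {
  return escapeText(value).includes('"');
}

// Constructed sample inputs.
const untrustedLabel = '<script>alert("XSS")</script> & friends';
const untrustedHref = '/path?a=1&b=2" onmouseover="alert(1)';

console.log(renderLink(untrustedHref, untrustedLabel));
console.log(escapeText('&amp; already escaped'));       // left unchanged
console.log(textEscaperLeavesQuotes(untrustedHref));    // true: wrong escaper for attributes
console.log(escapeAttr(untrustedHref).includes('"'));   // false: quote neutralised
```

The point of renderLink is that the choice of escaper is made by the template author at each interpolation site, not by the caller; a single "escape everything" function applied uniformly is either too weak for attributes or mangles legitimate text.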
The 'he' package is a robust HTML entity encoder/decoder. It supports both encoding and decoding of HTML entities and is highly configurable. Compared to @wordpress/escape-html, 'he' offers more flexibility and options for handling HTML entities.
The 'html-escaper' package provides simple functions to escape and unescape HTML entities. It is lightweight and easy to use, similar to @wordpress/escape-html, but with a focus on simplicity and minimalism.
The 'lodash.escape' function is part of the Lodash library, which provides utility functions for common programming tasks. It escapes characters for inclusion in HTML, similar to @wordpress/escape-html, but is part of a larger utility library.
Escape HTML utils.
Install the module
npm install @wordpress/escape-html
This package assumes that your code will run in an ES2015+ environment. If you're targeting an environment with limited or no ES2015+ support, such as older versions of IE, using core-js or @babel/polyfill will add support for the methods it relies on. Learn more about this in the Babel docs.
FAQs
The npm package @wordpress/escape-html receives a total of 46,317 weekly downloads. As such, @wordpress/escape-html popularity was classified as popular.
We found that @wordpress/escape-html demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 23 open source maintainers collaborating on the project.