Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

bd-escape-html-in-json

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

bd-escape-html-in-json

This package helps escape html in a JSON object

latest
Source
npmnpm
Version
1.0.3
Version published
Maintainers
1
Created
Source

bd-escape-html-in-json

This library provides utility methods that allows you escape html entities found in strings and also to escape any html in a JSON payload.

Installation

yarn add bd-escape-html-in-json

or

npm install bd-escape-html-in-json

Usage

import { escapeHTMLString, escapeObject } from "bd-escape-html-in-json"

// escaping a string that contains html entities
const unescapedString = "this string <script>alert('contains html entities')</script>"
console.log(escapeHTMLString(unescapeHTMLString))
// outputs "this string &lt;script&gt;alert(&#39;contains html entities&#39;)&lt;/script&gt;


// escaping a json object with html entities
const unescapedObject = [
  {
    name: 'John Doe',
    address: 'hacked address <script>alert("hacked address")</script>',
  },
  {
    name: 'Jane Doe',
    address: 'hacked address <script>alert("hacked address")</script>',
  },
  {
    name: 'Janet Doe',
    address: 'unhacked address',
  },
]
console.log(escapeObject(unescapedObject))
/** outputs
  {
    name: 'John Doe',
    address: "hacked address &lt;script&gt;alert(&quot;hacked address&quot;)&lt;/script&gt;",
  },
  {
    name: 'Jane Doe',
    address: "hacked address &lt;script&gt;alert(&quot;hacked address&quot;)&lt;/script&gt;",
  },
  {
    name: 'Janet Doe',
    address: 'unhacked address',
  },
]
**/

// escaping a json object while blacklisting some fields
const unescapedObject = {
  name: 'John Doe',
  address: 'hacked address <script>alert("hacked address")</script>',
  code: 'contains html <script>console.log("hi there")</script>'
 }
console.log(escapeObject(unescapedObject, ['code']))
// outputs
{
  name: 'John Doe',
  address: "hacked address &lt;script&gt;alert(&quot;hacked address&quot;)&lt;/script&gt;",
  code: 'contains html <script>console.log("hi there")</script>'
}

Keywords

escape html
escape html in json
html entities

FAQs

Package last updated on 26 Jul 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Announcing Socket Fix 2.0

Product

Announcing Socket Fix 2.0

Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.

By Martin Torp, John-David Dalton, Jeppe Fredsgaard Blaabjerg, Benjamin Barslev, Oskar Haarklou Veileborg  -  Sep 10, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.