Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
By Sarah Gooding - Apr 23, 2024
character-reference-invalid
Advanced tools
- Version published
- Weekly downloads
- 7.7M
- increased by2.02%
- Maintainers
- 1
- Install size
- 9.38 kB
- Created
- Weekly downloads
Readme
character-reference-invalid
Map of invalid numeric character references to their replacements, according to HTML.
Contents
- What is this?
- When should I use this?
- Install
- Use
- API
- Source
- Types
- Compatibility
- Security
- Related
- Contribute
- License
What is this?
This is a map from the HTML spec of C1 ASCII/Unicode control
characters (which are disallowed by HTML) to the characters those code points
would have in Windows 1252.
For example, U+0080 (Padding Character) maps to €, because that’s used for
0x80 in Windows 1252.
When should I use this?
Probably never, unless you’re dealing with parsing HTML or similar XML-like things, or in a place where Unicode is not the primary encoding (it is in most places).
Install
This package is ESM only. In Node.js (version 12.20+, 14.14+, or 16.0+), install with npm:
npm install character-reference-invalid
In Deno with Skypack:
import {characterReferenceInvalid} from 'https://cdn.skypack.dev/character-reference-invalid@2?dts'
In browsers with Skypack:
<script type="module">
import {characterReferenceInvalid} from 'https://cdn.skypack.dev/character-reference-invalid@2?min'
</script>
Use
import {characterReferenceInvalid} from 'character-reference-invalid'
console.log(characterReferenceInvalid[0x80]) // => '€'
console.log(characterReferenceInvalid[0x89]) // => '‰'
console.log(characterReferenceInvalid[0x99]) // => '™'
API
This package exports the following identifiers: characterReferenceInvalid.
There is no default export.
characterReferenceInvalid
Record<number, string> — mapping between invalid numeric character reference
codes to replacements characters.
Source
See html.spec.whatwg.org.
Types
This package is fully typed with TypeScript.
Compatibility
This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 12.20+, 14.14+, and 16.0+. It also works in Deno and modern browsers.
Security
This package is safe.
Related
wooorm/character-entities— HTML character entity infowooorm/character-entities-html4— HTML 4 character entity infowooorm/character-entities-legacy— legacy character entity infowooorm/parse-entities— parse HTML character referenceswooorm/stringify-entities— serialize HTML character references
Contribute
Yes please! See How to Contribute to Open Source.
License
FAQs
Map of invalid numeric character references to their replacements, according to HTML
The npm package character-reference-invalid receives a total of 6,195,677 weekly downloads. As such, character-reference-invalid popularity was classified as popular.
We found that character-reference-invalid demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Last updated on 27 Oct 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
By Sarah Gooding - Apr 19, 2024
Research
Security News
npm Package for ReExt React Components Library Exfiltrates Git Credentials
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
By Sarah Gooding, Socket Research Team - Apr 18, 2024