Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
encode-decode
Advanced tools
A Javascript object to encode and/or decode html characters using HTML or Numeric entities that handles double or partial encoding
A Javascript object to encode and/or decode html characters using HTML or Numeric entities that handles double or partial encoding.
This is an npm published version of Robert Reid's original - full credit to Robert.
Modified from the original documentation
var Encoder = require('encode-decode');
// set the type of encoding to numerical entities e.g & instead of &
Encoder.EncodeType = "numerical";
// or to set it to encode to html entities e.g & instead of &
Encoder.EncodeType = "entity";
// HTML encode text from an input element
// This will prevent double encoding.
var encoded = Encoder.htmlEncode(document.getElementById('input'));
// To encode but to allow double encoding which means any existing entities such as
// & will be converted to &
var dblEncoded = Encoder.htmlEncode(document.getElementById('input'),true);
// Decode the now encoded text
var decoded = Encoder.htmlDecode(encoded);
// Check whether the text still contains HTML/Numerical entities
var containsEncoded = Encoder.hasEncoded(decoded);
Taken from the original documentation
There are a number of useful functions within the object which I will outline here:
HTML2Numerical
: Converts HTML entities to their numerical equivalents.NumericalToHTML
: Converts numerical entities to their HTML equivalents.numEncode
: Numerically encodes unicode characters.htmlDecode
: Decodes HTML encoded text to its original state.htmlEncode
: Encodes HTML to either numerical or HTML entities. This is determined by the EncodeType property.XSSEncode
: Encodes the basic characters used in XSS attacks to malform HTML.correctEncoding
: Corrects any double encoded ampersands.stripUnicode
: Removes all unicode characters.hasEncoded
: Returns true if a string contains html encoded entities within it.
Taken from the original documentation
One of the things that I have found strange about Javascript is its lack of inbuilt functions to handle HTML encoding and decoding. Most server side languages have this functionality built into them but Javascript has escape, encodeURIComponent, encodeURI, unescape, decodeURIComponent and decodeURI functions which are aimed at making strings portable and for encoding URIs and URI parameters but there is no function for HTML encoding.
Now you may think well there's not much demand for a Javascript HTMLEncode and HTMLDecode function as any textual content that needs encoding should be done server-side before the HTML page is rendered and I would have agreed with you not long ago. However I have started working more and more with AJAX and especially RSS feeds and other client side delivered content such as Googles AJAX APIs and I have found more and more the need to reformat content delivered from external sources especially by HTML encoding or decoding content client side using Javascript.
For more details about reformating content with Javascript and the problems associated with simple replace statements you can read my related blog article.
Dual GPL v2 or MIT licence.
FAQs
A Javascript object to encode and/or decode html characters using HTML or Numeric entities that handles double or partial encoding
We found that encode-decode demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.