Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
es-escape-html
Advanced tools
Escape string for use in HTML
This module exports a single function, escapeHtml
, that is used to escape
a string of content such that it can be interpolated in HTML content.
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install es-escape-html
Escape special characters in the given string of text, such that it can be interpolated in HTML content.
This function will escape the following characters: "
, '
, &
, <
, and
>
.
Note that the escaped value is only suitable for being interpolated into
HTML as the text content of elements in which the tag does not have different
escaping mechanisms (it cannot be placed inside <style>
or <script>
, for
example, as those content bodies are not HTML, but CSS and JavaScript,
respectively; these are known as "raw text elements" in the HTML standard).
Note when using the escaped value within a tag, it is only suitable as
the value of an attribute, where the value is quoted with either a double
quote character ("
) or a single quote character ('
).
The escapeHtml
function is designed to accept a string input of text and
return an escaped value to interpolate into HTML.
import { escapeHtml } from "es-escape-html";
// Example values
const desc = "I <b>think</b> this is good.";
const fullName = 'John "Johnny" Smith';
// Example passing in text into a html attribute
console.dir(`<input name="full_name" value="${escapeHtml(fullName)}" />`);
// -> '<input name="full_name" value="John "Johnny" Smith">'
// Example passing in text in html body
console.dir(`<textarea name="desc">${escapeHtml(desc)}</textarea>`);
// -> '<textarea name="desc">I <b>think</b> this is good.</textarea>'
FAQs
es-escape-html rewrite for ESM
We found that es-escape-html demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.