Security News
Highlights from the 2024 Rails Community Survey
A record 2,709 developers participated in the 2024 Ruby on Rails Community Survey, revealing key tools, practices, and trends shaping the Rails ecosystem.
html-entities
Advanced tools
The html-entities package is a utility for encoding and decoding HTML entities. It can encode and decode a wide range of characters, including special characters, symbols, and emojis, to their corresponding HTML entities and vice versa. This is useful for preventing XSS attacks, rendering special characters in web pages, and working with text that includes characters that need to be escaped in HTML.
Encode special characters to HTML entities
This feature allows you to convert characters that have special meaning in HTML into their corresponding entities, making it safe to insert the text into HTML documents.
const { encode } = require('html-entities');
const result = encode('<div>Hello & Welcome!</div>');
console.log(result); // <div>Hello & Welcome!</div>
Decode HTML entities to their original characters
This feature enables you to convert HTML entities back into their original characters, which is useful when you need to process or display the text as it was originally intended.
const { decode } = require('html-entities');
const result = decode('<div>Hello & Welcome!</div>');
console.log(result); // <div>Hello & Welcome!</div>
Support for all HTML5 entities
The package includes support for all named HTML5 entities, allowing you to encode and decode a comprehensive set of characters.
const { encode } = require('html-entities');
const result = encode('© ∆');
console.log(result); // © Δ
Handling of non-ASCII characters
This feature is specifically for encoding non-ASCII characters into their numerical HTML entity equivalents, which can be important for internationalization and dealing with various character sets.
const { encodeNonAsciiHTML } = require('html-entities');
const result = encodeNonAsciiHTML('Привет!');
console.log(result); // Привет!
The 'he' package is an HTML entity encoder/decoder written in JavaScript. It is robust and handles a large number of character references. Compared to html-entities, 'he' claims to be the fastest and most comprehensive HTML entity library, and it strictly adheres to the HTML5 specification.
The 'entities' package is another library for encoding and decoding HTML entities. It is used internally by the 'htmlparser2' library, which is a fast and forgiving HTML/XML parser. While 'entities' offers similar functionality to html-entities, it is particularly optimized for use with 'htmlparser2' and may be more suitable for parsing tasks.
Fastest HTML entities library.
$ npm install html-entities
Encodes text replacing HTML special characters (<>&"'
) plus other character ranges depending on mode
option value.
import {encode} from 'html-entities';
encode('< > " \' & © ∆');
// -> '< > " ' & © ∆'
encode('< ©', {mode: 'nonAsciiPrintable'});
// -> '< ©'
encode('< ©', {mode: 'nonAsciiPrintable', level: 'xml'});
// -> '< ©'
Options:
all
alias to html5
(default).html5
uses HTML5
named references.html4
uses HTML4
named references.xml
uses XML
named references.specialChars
encodes only HTML special characters (default).nonAscii
encodes HTML special characters and everything outside of the ASCII character range.nonAsciiPrintable
encodes HTML special characters and everything outiside of the ASCII printable characters.decimal
uses decimal numbers when encoding html entities. i.e. ©
(default).hexadecimal
uses hexadecimal numbers when encoding html entities. i.e. ©
.Decodes text replacing entities to characters. Unknown entities are left as is.
import {decode} from 'html-entities';
decode('< > " ' & © ∆');
// -> '< > " \' & © ∆'
decode('©', {level: 'html5'});
// -> '©'
decode('©', {level: 'xml'});
// -> '©'
Options:
all
alias to html5
(default).html5
uses HTML5
named references.html4
uses HTML4
named references.xml
uses XML
named references.body
emulates behavior of browser when parsing tag bodies: entities without semicolon are also replaced (default).attribute
emulates behavior of browser when parsing tag attributes: entities without semicolon are replaced when not followed by equality sign =
.strict
ignores entities without semicolon.Statistically significant comparison with other libraries using benchmark.js
.
Results by this library are marked with *
.
The source code of the benchmark is available at benchmark/benchmark.ts
.
HTML5
Encode test
* #1: html-entities.encode - html5, nonAscii x 362,978 ops/sec ±1.10% (93 runs sampled)
* #2: html-entities.encode - html5, nonAsciiPrintable x 343,554 ops/sec ±1.35% (93 runs sampled)
#3: entities.encodeHTML5 x 106,418 ops/sec ±0.41% (91 runs sampled)
#4: he.encode x 98,762 ops/sec ±0.93% (92 runs sampled)
Decode test
* #1: html-entities.decode - html5, strict x 291,466 ops/sec ±3.09% (86 runs sampled)
* #2: html-entities.decode - html5, body x 293,192 ops/sec ±5.33% (91 runs sampled)
* #3: html-entities.decode - html5, attribute x 272,764 ops/sec ±2.30% (91 runs sampled)
#4: entities.decodeHTML5 x 250,868 ops/sec ±0.59% (93 runs sampled)
#5: he.decode x 176,291 ops/sec ±4.48% (88 runs sampled)
HTML4
Encode test
* #1: html-entities.encode - html4, nonAscii x 364,044 ops/sec ±1.70% (92 runs sampled)
* #2: html-entities.encode - html4, nonAsciiPrintable x 328,646 ops/sec ±2.61% (88 runs sampled)
#3: entities.encodeHTML4 x 105,841 ops/sec ±0.53% (91 runs sampled)
Decode test
* #1: html-entities.decode - html4, body x 327,197 ops/sec ±0.76% (95 runs sampled)
* #2: html-entities.decode - html4, attribute x 317,243 ops/sec ±2.10% (90 runs sampled)
* #3: html-entities.decode - html4, strict x 312,160 ops/sec ±2.94% (83 runs sampled)
#4: entities.decodeHTML4 x 288,001 ops/sec ±0.85% (93 runs sampled)
XML
Encode test
* #1: html-entities.encode - xml, nonAscii x 427,148 ops/sec ±1.40% (94 runs sampled)
* #2: html-entities.encode - xml, nonAsciiPrintable x 397,820 ops/sec ±2.77% (92 runs sampled)
#3: entities.encodeXML x 283,177 ops/sec ±3.57% (93 runs sampled)
Decode test
* #1: html-entities.decode - xml, strict x 407,364 ops/sec ±0.55% (91 runs sampled)
#2: entities.decodeXML x 405,984 ops/sec ±0.78% (94 runs sampled)
* #3: html-entities.decode - xml, body x 402,167 ops/sec ±0.67% (95 runs sampled)
* #4: html-entities.decode - xml, attribute x 387,630 ops/sec ±2.51% (94 runs sampled)
#5: entities.decodeXMLStrict x 390,023 ops/sec ±7.37% (86 runs sampled)
Escaping
Escape test
#1: he.escape x 1,163,620 ops/sec ±2.53% (88 runs sampled)
* #2: html-entities.encode - xml, specialChars x 1,087,350 ops/sec ±4.06% (91 runs sampled)
MIT
FAQs
Fastest HTML entities encode/decode library.
The npm package html-entities receives a total of 14,591,497 weekly downloads. As such, html-entities popularity was classified as popular.
We found that html-entities demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A record 2,709 developers participated in the 2024 Ruby on Rails Community Survey, revealing key tools, practices, and trends shaping the Rails ecosystem.
Security News
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.