The html-entities package is a utility for encoding and decoding HTML entities. It can encode and decode a wide range of characters, including special characters, symbols, and emojis, to their corresponding HTML entities and vice versa. This is useful for preventing XSS attacks, rendering special characters in web pages, and working with text that includes characters that need to be escaped in HTML.

What are html-entities's main functionalities?

Encode special characters to HTML entities

This feature allows you to convert characters that have special meaning in HTML into their corresponding entities, making it safe to insert the text into HTML documents.

const { encode } = require('html-entities');
const result = encode('<div>Hello & Welcome!</div>');
console.log(result); // &lt;div&gt;Hello &amp; Welcome!&lt;/div&gt;

Decode HTML entities to their original characters

This feature enables you to convert HTML entities back into their original characters, which is useful when you need to process or display the text as it was originally intended.

const { decode } = require('html-entities');
const result = decode('&lt;div&gt;Hello &amp; Welcome!&lt;/div&gt;');
console.log(result); // <div>Hello & Welcome!</div>

Support for all HTML5 entities

The package includes support for all named HTML5 entities, allowing you to encode and decode a comprehensive set of characters.

const { encode } = require('html-entities');
const result = encode('© ∆');
console.log(result); // &copy; &Delta;

Handling of non-ASCII characters

This feature is specifically for encoding non-ASCII characters into their numerical HTML entity equivalents, which can be important for internationalization and dealing with various character sets.

const { encodeNonAsciiHTML } = require('html-entities');
const result = encodeNonAsciiHTML('Привет!');
console.log(result); // &#x41F;&#x440;&#x438;&#x432;&#x435;&#x442;!

Other packages similar to html-entities

Readme

Source

html-entities

Fastest HTML entities library.

Installation

$ npm install html-entities

Usage

encode(text, options)

Encodes text replacing HTML special characters (<>&"') plus other character ranges depending on mode option value.

import {encode} from 'html-entities';

encode('< > " \' & © ∆');
// -> '&lt; &gt; &quot; &apos; &amp; © ∆'

encode('< ©', {mode: 'nonAsciiPrintable'});
// -> '&lt; &copy;'

encode('< ©', {mode: 'nonAsciiPrintable', level: 'xml'});
// -> '&lt; &#169;'

Options:

level

all alias to html5 (default).
html5 uses HTML5 named references.
html4 uses HTML4 named references.
xml uses XML named references.

mode

specialChars encodes only HTML special characters (default).
nonAscii encodes HTML special characters and everything outside of the ASCII character range.
nonAsciiPrintable encodes HTML special characters and everything outiside of the ASCII printable characters.
extensive encodes all non-printable characters, non-ASCII characters and all characters with named references.

numeric

decode(text, options)

Decodes text replacing entities to characters. Unknown entities are left as is.

import {decode} from 'html-entities';

decode('&lt; &gt; &quot; &apos; &amp; &#169; &#8710;');
// -> '< > " \' & © ∆'

decode('&copy;', {level: 'html5'});
// -> '©'

decode('&copy;', {level: 'xml'});
// -> '&copy;'

Options:

level

all alias to html5 (default).
html5 uses HTML5 named references.
html4 uses HTML4 named references.
xml uses XML named references.

scope

body emulates behavior of browser when parsing tag bodies: entities without semicolon are also replaced (default).
attribute emulates behavior of browser when parsing tag attributes: entities without semicolon are replaced when not followed by equality sign =.
strict ignores entities without semicolon.

Performance

Statistically significant comparison with other libraries using benchmark.js. Results by this library are marked with *. The source code of the benchmark is available at benchmark/benchmark.ts.

Common

    Initialization / Load speed

        #1: html-entities x 2,986,166 ops/sec ±1.21% (85 runs sampled)
        #2: entities x 2,211,849 ops/sec ±1.16% (82 runs sampled)
        #3: he x 1,940,763 ops/sec ±1.07% (87 runs sampled)

HTML5

    Encode test

        #1: html-entities.encode - html5, nonAscii x 436,912 ops/sec ±0.37% (95 runs sampled)
        #2: html-entities.encode - html5, nonAsciiPrintable x 420,014 ops/sec ±0.31% (97 runs sampled)
        #3: entities.encodeNonAsciiHTML x 337,400 ops/sec ±0.38% (96 runs sampled)
        #4: html-entities.encode - html5, extensive x 270,985 ops/sec ±0.52% (96 runs sampled)
        #5: entities.encodeHTML x 128,155 ops/sec ±0.33% (91 runs sampled)
        #6: he.encode x 115,127 ops/sec ±0.74% (93 runs sampled)

    Decode test

        #1: html-entities.decode - html5, strict x 345,565 ops/sec ±0.21% (95 runs sampled)
        #2: entities.decodeHTMLStrict x 337,245 ops/sec ±0.59% (94 runs sampled)
        #3: html-entities.decode - html5, body x 333,330 ops/sec ±0.75% (96 runs sampled)
        #4: html-entities.decode - html5, attribute x 312,208 ops/sec ±0.31% (95 runs sampled)
        #5: entities.decodeHTML x 275,014 ops/sec ±0.54% (95 runs sampled)
        #6: he.decode x 182,385 ops/sec ±2.23% (89 runs sampled)

HTML4

    Encode test

        #1: html-entities.encode - html4, nonAscii x 407,753 ops/sec ±0.24% (95 runs sampled)
        #2: html-entities.encode - html4, nonAsciiPrintable x 393,630 ops/sec ±0.42% (96 runs sampled)
        #3: html-entities.encode - html4, extensive x 202,439 ops/sec ±0.23% (95 runs sampled)

    Decode test

        #1: html-entities.decode - html4, strict x 373,579 ops/sec ±0.25% (95 runs sampled)
        #2: html-entities.decode - html4, attribute x 365,673 ops/sec ±0.20% (96 runs sampled)
        #3: html-entities.decode - html4, body x 364,291 ops/sec ±2.17% (95 runs sampled)

XML

    Encode test

        #1: html-entities.encode - xml, nonAscii x 481,889 ops/sec ±0.43% (98 runs sampled)
        #2: html-entities.encode - xml, nonAsciiPrintable x 459,323 ops/sec ±0.33% (95 runs sampled)
        #3: entities.encodeXML x 352,201 ops/sec ±1.12% (93 runs sampled)
        #4: html-entities.encode - xml, extensive x 266,395 ops/sec ±0.23% (97 runs sampled)

    Decode test

        #1: html-entities.decode - xml, body x 434,407 ops/sec ±0.22% (94 runs sampled)
        #2: html-entities.decode - xml, strict x 430,113 ops/sec ±0.26% (95 runs sampled)
        #3: entities.decodeXML x 428,018 ops/sec ±0.54% (97 runs sampled)
        #4: html-entities.decode - xml, attribute x 426,291 ops/sec ±0.39% (95 runs sampled)

Escaping

    Escape test

        #1: he.escape x 1,145,770 ops/sec ±0.24% (97 runs sampled)
        #2: html-entities.encode - xml, specialChars x 1,100,040 ops/sec ±1.80% (92 runs sampled)
        #3: entities.escapeUTF8 x 728,382 ops/sec ±0.56% (93 runs sampled)
        #4: entities.escape x 313,666 ops/sec ±0.27% (97 runs sampled)

License

MIT

Keywords

FAQs

What is html-entities?

Is html-entities popular?

Is html-entities well maintained?

Last updated on 27 Jan 2021

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

html-entities

What is html-entities?

What are html-entities's main functionalities?

Other packages similar to html-entities

he

entities

html-entities

Installation

Usage

encode(text, options)

level

mode

numeric

decode(text, options)

level

scope

Performance

License

Keywords

Related posts

UnitedHealth Group Discloses Protected Health Information Compromised for “Substantial Portion of People in America” in Recent Cyberattack

How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware

The Dark Side of Open Source