parse-entities
Advanced tools
The parse-entities npm package is used to parse HTML entities in text. It can decode named and numerical character references in HTML, making it useful for processing and sanitizing HTML content.
Decode named character references
This feature allows you to decode named character references in a string. For example, it converts " to ".
const parseEntities = require('parse-entities');
const decoded = parseEntities('The "quick" brown fox');
console.log(decoded); // Output: The "quick" brown foxDecode numerical character references
This feature allows you to decode numerical character references in a string. For example, it converts 😀 to 😀.
const parseEntities = require('parse-entities');
const decoded = parseEntities('The 😀 emoji');
console.log(decoded); // Output: The 😀 emojiDecode mixed character references
This feature allows you to decode a mix of named and numerical character references in a string.
const parseEntities = require('parse-entities');
const decoded = parseEntities('The "quick" brown fox jumps over the lazy dog🐶');
console.log(decoded); // Output: The "quick" brown fox jumps over the lazy dog🐶The 'he' package (short for HTML entities) is a robust HTML entity encoder/decoder. It supports both named and numerical character references and offers more configuration options compared to parse-entities.
The 'entities' package is another library for encoding and decoding XML and HTML entities. It provides similar functionality to parse-entities but also includes support for encoding entities, which parse-entities does not offer.
The 'html-entities' package provides methods to encode and decode HTML entities. It supports both named and numerical references and offers additional features like encoding non-ASCII characters.
Parse HTML character references.
This is a small and powerful decoder of HTML character references (often called entities).
You can use this for spec-compliant decoding of character references. It’s small and fast enough to do that well. You can also use this when making a linter, because there are different warnings emitted with reasons for why and positional info on where they happened.
This package is ESM only. In Node.js (version 14.14+, 16.0+), install with npm:
npm install parse-entities
In Deno with esm.sh:
import {parseEntities} from 'https://esm.sh/parse-entities@3'
In browsers with esm.sh:
<script type="module">
import {parseEntities} from 'https://esm.sh/parse-entities@3?bundle'
</script>
import {parseEntities} from 'parse-entities'
console.log(parseEntities('alpha & bravo')))
// => alpha & bravo
console.log(parseEntities('charlie ©cat; delta'))
// => charlie ©cat; delta
console.log(parseEntities('echo © foxtrot ≠ golf 𝌆 hotel'))
// => echo © foxtrot ≠ golf 𝌆 hotel
This package exports the identifier parseEntities.
There is no default export.
parseEntities(value[, options])Parse HTML character references.
optionsConfiguration (optional).
options.additionalAdditional character to accept (string?, default: '').
This allows other characters, without error, when following an ampersand.
options.attributeWhether to parse value as an attribute value (boolean?, default: false).
This results in slightly different behavior.
options.nonTerminatedWhether to allow nonterminated references (boolean, default: true).
For example, ©cat for ©cat.
This behavior is compliant to the spec but can lead to unexpected results.
options.positionStarting position of value (Position or Point, optional).
Useful when dealing with values nested in some sort of syntax tree.
The default is:
{line: 1, column: 1, offset: 0}
options.warningError handler (Function?).
options.textText handler (Function?).
options.referenceReference handler (Function?).
options.warningContextContext used when calling warning ('*', optional).
options.textContextContext used when calling text ('*', optional).
options.referenceContextContext used when calling reference ('*', optional)
string — decoded value.
function warning(reason, point, code)Error handler.
this (*) — refers to warningContext when given to parseEntitiesreason (string) — human readable reason for emitting a parse errorpoint (Point) — place where the error occurredcode (number) — machine readable code the errorThe following codes are used:
| Code | Example | Note |
|---|---|---|
1 | foo & bar | Missing semicolon (named) |
2 | foo { bar | Missing semicolon (numeric) |
3 | Foo &bar baz | Empty (named) |
4 | Foo &# | Empty (numeric) |
5 | Foo &bar; baz | Unknown (named) |
6 | Foo € baz | Disallowed reference |
7 | Foo � baz | Prohibited: outside permissible unicode range |
function text(value, position)Text handler.
this (*) — refers to textContext when given to parseEntitiesvalue (string) — string of contentposition (Position) — place where value starts and endsfunction reference(value, position, source)Character reference handler.
this (*) — refers to referenceContext when given to parseEntitiesvalue (string) — decoded character referenceposition (Position) — place where source starts and endssource (string) — raw source of character referenceThis package is fully typed with TypeScript.
It exports the additional types Options, WarningHandler,
ReferenceHandler, and TextHandler.
This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 14.14+ and 16.0+. It also works in Deno and modern browsers.
This package is safe: it matches the HTML spec to parse character references.
wooorm/stringify-entities
— encode HTML character referenceswooorm/character-entities
— info on character referenceswooorm/character-entities-html4
— info on HTML4 character referenceswooorm/character-entities-legacy
— info on legacy character referenceswooorm/character-reference-invalid
— info on invalid numeric character referencesYes please! See How to Contribute to Open Source.
FAQs
Parse HTML character references
The npm package parse-entities receives a total of 7,157,024 weekly downloads. As such, parse-entities popularity was classified as popular.
We found that parse-entities demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.