Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
stringify-entities
Advanced tools
The stringify-entities npm package is used for encoding special characters into HTML or XML entities. It is particularly useful when you need to ensure that text content is safely and correctly represented in HTML or XML documents, preventing issues related to unescaped characters.
Encode special characters in HTML
This feature allows you to convert characters that have special meaning in HTML into their corresponding HTML entities, thus preventing them from being interpreted as HTML code. This is useful for displaying plain text in web pages.
const stringify = require('stringify-entities');
const text = 'This & that';
const encodedText = stringify(text);
console.log(encodedText); // 'This & that'
Encode special characters in XML
This feature enables the encoding of characters into XML entities. By specifying options, you can control which characters to encode and whether to escape only those characters, making it flexible for different XML contexts.
const stringify = require('stringify-entities');
const text = 'AT&T';
const options = {subset: ['&'], escapeOnly: true};
const encodedText = stringify(text, options);
console.log(encodedText); // 'AT&T'
The 'he' package is another popular HTML entity encoder and decoder. It supports all HTML5 entities and provides robust decoding capabilities, which makes it more comprehensive in handling HTML entities compared to stringify-entities, which focuses primarily on stringifying.
Similar to 'stringify-entities', the 'entities' package offers encoding and decoding of HTML/XML entities. It provides a more extensive set of functionalities including decoding, which is not a focus of stringify-entities. This makes 'entities' a more versatile choice for projects that require both encoding and decoding capabilities.
Encode HTML character references and character entities.
'`'
characters are escaped to ensure no scripts
run in IE6-8. Additionally, only named entities recognised by HTML4
are encoded, meaning the infamous '
(which people think is a
virus) won’t show upBy default, all dangerous, non-ASCII, or non-printable ASCII characters
are encoded. A subset of characters can be given to encode just
those characters. Alternatively, pass escapeOnly
to
escape just the dangerous characters ("
, '
, <
, >
, &
, `
).
By default, numeric entities are used. Pass useNamedReferences
to use named entities when possible, or useShortestReferences
to use them if that results in less bytes.
npm:
npm install stringify-entities
var stringify = require('stringify-entities')
stringify('alpha © bravo ≠ charlie 𝌆 delta')
// => 'alpha © bravo ≠ charlie 𝌆 delta'
stringify('alpha © bravo ≠ charlie 𝌆 delta', {useNamedReferences: true})
// => 'alpha © bravo ≠ charlie 𝌆 delta'
stringifyEntities(value[, options])
Encode special characters in value
.
options
options.escapeOnly
Whether to only escape possibly dangerous characters (boolean
,
default: false
). Those characters are "
, '
, <
, >
&
, and
`
.
options.subset
Whether to only escape the given subset of characters (Array.<string>
).
options.useNamedReferences
Whether to use named entities where possible (boolean?
, default:
false
).
options.useShortestReferences
Whether to use named entities, where possible, if that results in less
bytes (boolean?
, default: false
). Note: useNamedReferences
can be omitted when using useShortestReferences
.
options.omitOptionalSemicolons
Whether to omit semi-colons when possible (boolean?
, default: false
).
Note: This creates parse errors: don’t use this except when building
a minifier.
Omitting semi-colons is possible for certain legacy named references, and numeric entities, in some cases.
options.attribute
Only needed when operating dangerously with omitOptionalSemicolons: true
.
Create entities which don’t fail in attributes (boolean?
, default:
false
).
parse-entities
— Parse HTML character referencescharacter-entities
— Info on character entitiescharacter-entities-html4
— Info on HTML4 character entitiescharacter-entities-legacy
— Info on legacy character entitiescharacter-reference-invalid
— Info on invalid numeric character referencesFAQs
Serialize (encode) HTML character references
The npm package stringify-entities receives a total of 3,552,416 weekly downloads. As such, stringify-entities popularity was classified as popular.
We found that stringify-entities demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.