📄 readme.md

← 返回目录

escape-goat

Escape a string for use in HTML or the inverse

![Build Status](https://travis-ci.org/sindresorhus/escape-goat)

Install

$ npm install escape-goat

Usage

const {htmlEscape, htmlUnescape} = require('escape-goat');
htmlEscape('🦄 & 🐐');
//=> '🦄 & 🐐'
htmlUnescape('🦄 & 🐐');
//=> '🦄 & 🐐'
htmlEscape('Hello World');
//=> 'Hello <em>World</em>'
const url = 'https://sindresorhus.com?x="🦄"';
htmlEscapeUnicorn;
//=> 'Unicorn'
const escapedUrl = 'https://sindresorhus.com?x="🦄"';
htmlUnescapeURL from HTML: ${url};
//=> 'URL from HTML: https://sindresorhus.com?x="🦄"'

API

htmlEscape(string)

Escapes the following characters in the given string argument: & < > " '

The function also works as a tagged template literal that escapes interpolated values.

htmlUnescape(htmlString)

Unescapes the following HTML entities in the given htmlString argument: & < > " '

The function also works as a tagged template literal that unescapes interpolated values.

Tip

Ensure you always quote your HTML attributes to prevent possible XSS.

FAQ

Why yet another HTML escaping package?

I couldn't find one I liked that was tiny, well-tested, and had both .escape() and .unescape().

查看原始 Markdown
OpenClaw Agents File Server