{"id":17733670,"url":"https://github.com/hugodf/html-esc","last_synced_at":"2026-02-09T20:34:40.090Z","repository":{"id":258822936,"uuid":"875798905","full_name":"HugoDF/html-esc","owner":"HugoDF","description":"JavaScript Template Literal Tag that converts to HTML-escaped content. Eg. html`\u003cdiv\u003e${myVar}\u003c/div\u003e`","archived":false,"fork":false,"pushed_at":"2024-10-21T20:36:18.000Z","size":23,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-22T10:28:18.788Z","etag":null,"topics":["javascript-template-literals","tagged-template-literal","web-components"],"latest_commit_sha":null,"homepage":"https://npm.im/html-esc","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HugoDF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"HugoDF"}},"created_at":"2024-10-20T21:13:08.000Z","updated_at":"2024-10-21T19:43:31.000Z","dependencies_parsed_at":"2024-10-21T23:54:57.710Z","dependency_job_id":null,"html_url":"https://github.com/HugoDF/html-esc","commit_stats":null,"previous_names":["hugodf/html-esc"],"tags_count":4,"template":false,"template_full_name":"HugoDF/node-mit-boilerplate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HugoDF%2Fhtml-esc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HugoDF%2Fhtml-esc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HugoDF%2Fhtml-esc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HugoDF%2Fhtml-esc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HugoDF","download_url":"https://codeload.github.com/HugoDF/html-esc/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243584040,"owners_count":20314685,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript-template-literals","tagged-template-literal","web-components"],"created_at":"2024-10-25T23:05:12.643Z","updated_at":"2026-02-09T20:34:40.025Z","avatar_url":"https://github.com/HugoDF.png","language":"JavaScript","funding_links":["https://github.com/sponsors/HugoDF"],"categories":[],"sub_categories":[],"readme":"# `html-esc`\n\n![minzip size badge](https://badgen.net/bundlephobia/minzip/html-esc)\n\nJavaScript Template Literal Tag that converts to HTML-escaped content. Eg. `` html`\u003cdiv\u003e${myVar}\u003c/div\u003e` ``.\n\nBarebones (and tiny, [\u003c50 lines of code](./html-esc.js)) alternative to [`lit-html`](https://www.npmjs.com/package/lit-html) and [`htl`](https://github.com/observablehq/htl), ideal for use in web components or to template in Vanilla/no build JavaScript.\n\nIt's ready for use straight in the browser via CDN (or copy-pasting into your project).\n\n```html\n\u003cscript type=\"importmap\"\u003e\n  { \"imports\": { \"html-esc\": \"https://esm.sh/html-esc\" } }\n\u003c/script\u003e\n\u003cscript type=\"module\"\u003e\n  import { html } from \"html-esc\";\n  const message = \"\u003cstrong\u003estrong but will get escaped\u003c/strong\u003e\";\n  document.body.innerHTML = html`\u003cdiv\u003eI'm ${message}\u003c/div\u003e`;\n\u003c/script\u003e\n```\n\nOr via npm (assuming you want to use a bundler).\n\n```sh\nnpm i html-esc\n```\n\n## Why is this necessary?\n\n`htl` has a great section on this: [htl - why not concatenate?](https://www.npmjs.com/package/htl#why-not-concatenate).\n\nIn short: values containing certain characters are not safe to be interpolated for cross-site scripting (\"XSS\") reasons and content display reasons (eg. `\u0026` having special meaning in HTML).\n\n## Credit\n\nCredit to [developit/vhtml](https://github.com/developit/vhtml) and [dodoas/stringjsx](https://github.com/dodoas/stringjsx) for:\n\n- HTML entity escape function\n- the approach to tracking \"already seen sanitized strings\", this allows for avoiding \"double escaping\" ie. this renders as expected: ``html`\u003cdiv\u003e${html`\u003cdiv\u003ehtml-tagged\u003c/div\u003e`}` ``\n\n\u003c!-- HTML sanitization initially inspired by https://news.ycombinator.com/item?id=41724867, but since regex-based replacement is necessary for attribute delimiters `\"` and `'`, all escaping is done via the regex. --\u003e\n\n## Requirements\n\n- Node 20\n- npm v8+\n\n## Setup\n\n1. Clone the repository\n2. Run `npm install` installs all required dependencies.\n\n## npm scripts\n\n- `npm test` will run tests using the [Node.js test runner](https://nodejs.org/api/test.html#running-tests-from-the-command-line) and the `node:test` module.\n- `npm run format` will run prettier on all the examples files (and tests).\n\n## LICENSE\n\nCode is licensed under the [MIT License](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhugodf%2Fhtml-esc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhugodf%2Fhtml-esc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhugodf%2Fhtml-esc/lists"}