Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/pauldraper/html5-escape

Escape strings for HTML5 in a pleasing manner
https://github.com/pauldraper/html5-escape

Last synced: about 1 month ago
JSON representation

Escape strings for HTML5 in a pleasing manner

Awesome Lists containing this project

README 

          
# html5-escape



Escape strings for HTML5 in a pleasing manner.



While it is relative unchallenging to sufficiently escape strings, this library escapes minimally.

E.g.



```javascript

const string = 'a && b';



/* sufficiently */

const Serializer = require('parse5/lib/serializer');

Serializer.escapeString(string);

// 'a && b'



/* minimally */

const { Escaper } = require('html5-escape');

new Escaper().escapeData(string);

// 'a && b'

```



html5-escape can optionally encode control or non-ASCII characters. It preferentially uses named entities when available (e.g. `'α'`, `' '`).



## Usage



```javascript

import { Escaper } from 'html5-escape';



const escaper = new Escaper();

escaper.escapeData('< Abbott & Costello &me; "on first"');

// '< Abbott & Costello &me;'

escaper.escapeDoubleQuotedAttribute('< Abbott & Costello &me; "on first"');

// '< Abbott & Costello &me; "on first&quote;'

```



## API



### Escaper



Escape text for HTML5 documents.



The NUL character cannot be included in HTML documents. It is replaced with U+FFFD

'REPLACEMENT CHARACTER'.



#### Parameters



- `options` **[Options](#options)** (optional, default `{}`)



#### escapeData



- **See: [HTML 5.2, 8.2.4.1](https://www.w3.org/TR/html52/syntax.html#data-state)**



Escape a text node



##### Parameters



- `value` **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)** text to escape



##### Examples



```javascript

escaper.escapeData('< Abbott & Costello &me; "on first"');

// '< Abbott & Costello &me; "on first"'

```



Returns **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)** escaped text



#### escapeDoubleQuotedAttribute



- **See: [HTML 5.2, 8.2.4.36](https://www.w3.org/TR/html52/syntax.html#attribute-value-double-quoted-state)**



Escape an attribute value using double-quotes



##### Parameters



- `value` **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)** text to escape



##### Examples



```javascript

escaper.escapeData('< Abbott & Costello &me; "on first"');

// '< Abbott & Costello &me; "on first"'

```



Returns **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)** escaped text



#### escapeSingleQuotedAttribute



- **See: [HTML 5.2, 8.2.4.37](https://www.w3.org/TR/html52/syntax.html#attribute-value-single-quoted-state)**



Escape an attribute value using single-quotes



##### Parameters



- `value` **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)** text to escape



##### Examples



```javascript

escaper.escapeData('< Abbott & Costello &me; "on first"');

// '< Abbott & Costello &me; "on first"'

```



Returns **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)** escaped text



#### escapeUnquotedAttribute



- **See: [HTML 5.2, 8.2.4.38](https://www.w3.org/TR/html52/syntax.html#attribute-value-unquoted-state)**



Escape an attribute value not using quotes



##### Parameters



- `value` **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)** text to escape



##### Examples



```javascript

escaper.escapeData('< Abbott & Costello &me; "on first"');

// '<𠪻ott &Ȍostello &me; "on first"'

```



Returns **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)** escaped text



### Options



Type: [Object](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object)



#### Properties



- `escapeRanges` **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)?** zero or more of 'control', 'nonbreaking-space', and 'non-ascii'. Defaults to

  ['control', 'nonbreaking-space']

- `escapeBase` **[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)?** either 10 or 16. Defaults to 16.

- `forceEscape` **[boolean](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Boolean)?** whether to coerce characters to alternative forms if necessary to escape them.

  Defaults to true.