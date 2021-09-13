Escape a string for use in HTML or the inverse

Install

$ npm install escape -goat

Usage

import {htmlEscape, htmlUnescape} from 'escape-goat' ; htmlEscape( '🦄 & 🐐' ); htmlUnescape( '🦄 & 🐐' ); htmlEscape( 'Hello <em>World</em>' ); const url = 'https://sindresorhus.com?x="🦄"' ; htmlEscape `<a href=" ${url} ">Unicorn</a>` ; const escapedUrl = 'https://sindresorhus.com?x="🦄"' ; htmlUnescape `URL from HTML: ${escapedUrl} ` ;

API

Escapes the following characters in the given string argument: & < > " '

The function also works as a tagged template literal that escapes interpolated values.

Unescapes the following HTML entities in the given htmlString argument: & < > " '

The function also works as a tagged template literal that unescapes interpolated values.

Tip

Ensure you always quote your HTML attributes to prevent possible XSS.

FAQ

Why yet another HTML escaping package?

I couldn't find one I liked that was tiny, well-tested, and had both escape and unescape methods.