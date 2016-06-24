#xss-escape

Escapes strings for safe insertion into html, and helps prevents cross site scripting attacks.

xss-escape escapes the following characters to their respective html character codes.

& -> &

< -> <

> -> >

" -> "

' -> '

/ -> /

Note that xss-escape only protects data being used in the body of html elements. It does not protect in other contexts such as html attribute or url contexts.

##In NodeJS npm install xss-escape

var xssEscape = require ( 'xss-escape' ); var escapedString = xssEscape(unsafeString);

##In the Browser

< script src = "path/to/xss-escape.js" > </ script > < script > var escapedString = xssEscape(unsafeString); </ script >

##Can be used with nested objects or arrays.

var escapedObject = xssEscape({ a : 'foo' , [{ b : 'bar' }, 'baz' ] });

##Run Tests While in the project's root directory.

npm install

nodeunit test.js

or run tests on every file save.

grunt watch

##Run Benchmarks While in the project's root directory run.