npmpackage.info

Gathering detailed insights and metrics for escape-html

Other packages similar to escape-html

@types/escape-html

1.0.4

TypeScript definitions for escape-html

@wordpress/escape-html

3.13.0

Escape HTML utils.

es-escape-html

0.1.1

es-escape-html rewrite for ESM

unescape-html

1.1.0

The reverse of escape-html

Gathering detailed insights and metrics for escape-html

escape-html

Escape string for use in HTML

1.0.3

463

MIT

JavaScript

6,749,717,884 3

Installations

npm install escape-html

Score

99.4

Supply Chain

76.6

Quality

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

2

Total

22

Closed

14

Merged

6

Issues

Open

0

Total

7

Closed

7

Releases

Unable to fetch releases

Developer

component

Developer Guide

BETA

Module System

Unable to determine the module system for this package.

Min. Node Version

Typescript Support

No

Node Version

NPM Version

1.4.28 Statistics

463 Stars

36 Commits

102 Forks

11 Watching

1 Branches

28 Contributors

Updated on 19 Nov 2024

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

6,749,717,884

Last day

-6%

6,217,005

Compared to previous day

Last week

2.1%

36,513,980

Compared to previous week

Last month

8.3%

151,163,031

Compared to previous month

Last year

7.9%

1,575,777,051

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

benchmark beautify-benchmark

Versions

escape-html

Escape string for use in HTML

This module exports a single function, escapeHtml, that is used to escape a string of content such that it can be interpolated in HTML content.

Installation

This is a Node.js module available through the npm registry. Installation is done using the npm install command:

1$ npm install escape-html

API

escapeHtml(string)

Escape special characters in the given string of text, such that it can be interpolated in HTML content.

This function will escape the following characters: ", ', &, <, and >.

Note that the escaped value is only suitable for being interpolated into HTML as the text content of elements in which the tag does not have different escaping mechanisms (it cannot be placed inside <style> or <script>, for example, as those content bodies are not HTML, but CSS and JavaScript, respectively; these are known as "raw text elements" in the HTML standard).

Note when using the escaped value within a tag, it is only suitable as the value of an attribute, where the value is quoted with either a double quote character (") or a single quote character (').

Example

The escapeHtml function is designed to accept a string input of text and return an escaped value to interpolate into HTML.

1var escapeHtml = require('escape-html')
2
3// example values
4var desc = 'I <b>think</b> this is good.'
5var fullName = 'John "Johnny" Smith'
6
7// example passing in text into a html attribute
8console.dir('<input name="full_name" value="' + escapeHtml(fullName) + '">')
9// -> '<input name="full_name" value="John &quot;Johnny&quot; Smith">'
10
11// example passing in text in html body
12console.dir('<textarea name="desc">' + escapeHtml(desc) + '</textarea>')
13// -> '<textarea name="desc">I &lt;b&gt;think&lt;/b&gt; this is good.</textarea>'

Benchmark

$ npm run-script bench

> escape-html@1.0.3 bench nodejs-escape-html
> node benchmark/index.js


  http_parser@1.0
  node@0.10.33
  v8@3.14.5.9
  ares@1.9.0-DEV
  uv@0.10.29
  zlib@1.2.3
  modules@11
  openssl@1.0.1j

  1 test completed.
  2 tests completed.
  3 tests completed.

  no special characters    x 19,435,271 ops/sec ±0.85% (187 runs sampled)
  single special character x  6,132,421 ops/sec ±0.67% (194 runs sampled)
  many special characters  x  3,175,826 ops/sec ±0.65% (193 runs sampled)

License

MIT

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Security-Policy

Determines if the project has published a security policy.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

Score

3

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More