@Rob--W
Created November 14, 2016 16:39
Example of safe HTML escaping using template literals
/* Example:
var someUnsafeStr = '<img>';
var result = escapeHTMLTag`<input value="${someUnsafeStr}">`;
console.log(result); // <input value="&lt;img&gt;">
// Questions? rob {at} robwu.nl
*/

// Escapes the five characters that can break out of text content or a
// quoted attribute value: & " ' < >
function escapeHTML(str) {
  // Note: string cast using String; may throw if `str` is non-serializable, e.g. a Symbol.
  // Most often this is not the case though.
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;').replace(/'/g, '&#39;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// A tag for template literals that escapes any value as HTML.
// The literal parts (`strings`) are trusted markup; only the interpolated
// values are escaped. `strings` always has one more entry than `values`.
function escapeHTMLTag(strings, ...values) {
  let results = [];
  for (let i = 0; i < strings.length; ++i) {
    results.push(strings[i]);
    if (i < values.length) { // values[strings.length-1] can be undefined
      results.push(escapeHTML(values[i]));
    }
  }
  return results.join('');
}
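Added example, not part of Rob--W's gist: the same escaping tag, extended with a `SafeHtml` marker (a hypothetical name) so fragments produced by the tag can be nested into another template without being escaped twice. The gist's tag returns a plain string, so a fragment it produced would be re-escaped when interpolated into a second template; this variant keeps the gist's escaping behaviour and adds the nesting case.

```javascript
// Added example (not from the gist). SafeHtml / html / render are hypothetical names.
function escapeHTML(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;').replace(/'/g, '&#39;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Marker for markup that the tag itself produced; embedded verbatim on nesting.
class SafeHtml {
  constructor(html) { this.html = html; }
  toString() { return this.html; }
}

// Plain values are escaped; SafeHtml fragments and arrays of them pass through,
// so lists built with map() can be interpolated directly.
function render(v) {
  if (v instanceof SafeHtml) return v.html;
  if (Array.isArray(v)) return v.map(render).join('');
  return escapeHTML(v);
}

// Same loop as the gist's escapeHTMLTag, but wraps the result as SafeHtml.
function html(strings, ...values) {
  let out = '';
  for (let i = 0; i < strings.length; ++i) {
    out += strings[i];
    if (i < values.length) out += render(values[i]);
  }
  return new SafeHtml(out);
}

// Constructed untrusted input: tries to close the attribute and start a tag.
const untrusted = '"><img>';

// Inside a quoted attribute the value stays inert because " < > are escaped.
function attributeCase() {
  return String(html`<input value="${untrusted}">`);
}

// Nested fragments are SafeHtml, so each text item is escaped exactly once.
function nestedCase() {
  const items = ['a&b', '<i>'];
  return String(html`<ul>${items.map(t => html`<li>${t}</li>`)}</ul>`);
}

// A plain string is always escaped, even if it already contains entities:
// pre-escaped text must be wrapped by the tag, not passed as a string.
function preEscapedCase() {
  return String(html`<p>${'&lt;'}</p>`);
}
```

Only quoted attribute values and text content are covered; the escaping does not make a value safe inside an unquoted attribute, a URL scheme, or a script block.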