@electerious
Last active October 6, 2015 14:41
const escapeHTML = (html = '') => {
	// Ensure that html is a string (null, numbers, etc. are coerced)
	html += ''
	// Escape all critical characters. '&' must be replaced first, otherwise the
	// ampersands introduced by the entities below would be escaped a second time.
	html = html.replace(/&/g, '&amp;')
		.replace(/</g, '&lt;')
		.replace(/>/g, '&gt;')
		.replace(/"/g, '&quot;')
		.replace(/'/g, '&#039;')
		.replace(/`/g, '&#96;')
	return html
}
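The following is an added example, not part of the gist, showing the two points a reviewer would check in an escaper like this: that `&` is handled before the other characters (a single-pass version removes the ordering dependency altogether), and that the output is only safe in HTML text content and double-quoted attribute values. The `ESCAPES` table, `escapeWrongOrder`, `unescapeHTML` and `renderComment` are names introduced here for illustration; the sample strings are constructed.

```javascript
// Added example (not the gist's code): single-pass HTML escaper plus checks.

// Same six characters and entities as the gist.
const ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#039;', '`': '&#96;',
};

// Single-pass escaper: one alternation regex, so each input character is
// looked at exactly once and the order of the replacements no longer matters.
const escapeHTML = (html = '') =>
  String(html).replace(/[&<>"'`]/g, (ch) => ESCAPES[ch]);

// Deliberately wrong order, to show the double-escaping bug: '<' becomes
// '&lt;' and then its '&' is turned into '&amp;', giving '&amp;lt;'.
const escapeWrongOrder = (html = '') =>
  String(html)
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/&/g, '&amp;');

// Inverse of escapeHTML (hypothetical helper), used to check the round trip.
const UNESCAPES = {
  amp: '&', lt: '<', gt: '>', quot: '"', '#039': "'", '#96': '`',
};
const unescapeHTML = (s) =>
  s.replace(/&(amp|lt|gt|quot|#039|#96);/g, (_, name) => UNESCAPES[name]);

// Typical use: untrusted values placed into text content and into a
// double-quoted attribute. Both contexts are covered by this escaper; JS
// strings, URLs and CSS are not, and need context-specific encoding.
const renderComment = (user, text) =>
  `<p title="${escapeHTML(user)}">${escapeHTML(text)}</p>`;

// Constructed sample input, the same one the gist's comment uses.
const sample = `<script>alert('XSS')</script>`;

console.log(escapeHTML(sample));
console.log(escapeWrongOrder('<b>'));
console.log(renderComment('Tom "Hammer" <Smith>', 'x < y & y > z'));
```

The wrong-order variant is not a security hole by itself, but it corrupts legitimate text (`&lt;` shown literally instead of `<`), which is the symptom that usually leads people to "fix" the escaper by removing the `&` replacement entirely; the single-pass form avoids that trap.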
@electerious

Example:

let htmlString = `<script>alert('XSS')</script>`,
    output     = escapeHTML(htmlString)

console.log(output)

Output:

&lt;script&gt;alert(&#039;Hello XSS&#039;)&lt;/script&gt;
