GPTScript / AiScript

A Minimal, Full-Stack, Tool-Assisted Language. Native to Browsers and Bun. Strictly & Strongly-Typed.
https://github.com/GPTScript/AiScript
Mozilla Public License 2.0

escapeHtml #4

Open coolaj86 opened 2 years ago

coolaj86 commented 2 years ago
// escape ['&'].concat(['"', "'", '<', '>']) (in lexical order)
function escapeHtml(unsafe) {
    return unsafe
        // & must be escaped first (to prevent double escaping)
        .replaceAll('&', '&amp;')
        // these are in lexicographic sort order
        .replaceAll('"', '&quot;')
        .replaceAll("'", '&apos;')
        .replaceAll('<', '&lt;')
        .replaceAll('>', '&gt;');
}

Or strip all HTML (pre-render), client-side:

function sanitize(s) {
    let d = document.createElement("div");
    d.textContent = s;
    return d.innerHTML;
}

Note: use d.innerText() for post-render

See also:
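An added example, not part of the original issue or the project's code: it shows why `&` has to be replaced first and wraps the same replacement order in a tagged template so every interpolated value is escaped. The `String()` coercion, the `escapeHtmlAmpLast` counter-example, the `html` tag and the sample input are assumptions made for illustration.

```javascript
// Same replacement order as escapeHtml in the issue, plus String() coercion
// (an assumption of this example) so numbers and null do not throw on .replaceAll.
function escapeHtml(unsafe) {
    return String(unsafe)
        .replaceAll('&', '&amp;')
        .replaceAll('"', '&quot;')
        .replaceAll("'", '&apos;')
        .replaceAll('<', '&lt;')
        .replaceAll('>', '&gt;');
}

// Hypothetical counter-example: with '&' replaced last, the '&' of the
// entities produced by the earlier steps is escaped a second time.
function escapeHtmlAmpLast(unsafe) {
    return String(unsafe)
        .replaceAll('<', '&lt;')
        .replaceAll('>', '&gt;')
        .replaceAll('&', '&amp;');
}

// Hypothetical tagged template: literal parts pass through unchanged and
// every interpolated value goes through escapeHtml.
// This covers element text and quoted attribute values only; unquoted
// attributes, URLs and <script>/<style> bodies need their own encoding.
function html(strings, ...values) {
    let out = strings[0];
    values.forEach(function (value, i) {
        out += escapeHtml(value) + strings[i + 1];
    });
    return out;
}

// Constructed sample input
const comment = 'Tom & "Jerry" <b>';
const rendered = html`<p title="${comment}">${comment}</p>`;

console.log(rendered);
console.log(escapeHtmlAmpLast('<')); // double-escaped
```

The function is not idempotent: passing already-escaped text through `escapeHtml` again escapes the `&` of each entity, so escape once, at the point of output.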