Closed bevacqua closed 10 years ago
I wrote this as an alternative
https://gist.github.com/bevacqua/83d98737ffd3b5509212
If you want I could add it to the package.json
and create a pull request
As stated in the README, he works just fine in browser environments. Why would you need an alternative?
Your alternative is vulnerable to XSS (decodeHtml
), and even disregarding that, the code is not equivalent to he’s intended functionality. See https://github.com/mathiasbynens/he/issues/18 for more information.
Thanks for the heads up on using a <textarea>
instead. I know it works just fine in the browser, but I wanted a non-fat version since it's just for markdown previews, and the HTML is never sent to the server, the markdown is rendered again on the server-side using he
So you just want he.escape
then, i.e., only escape unsafe characters? You could use _.escape
then.
Hey, I'm looking for alternatives to
he
for the browser, any recommendations? It's just for UX, I'd still be usinghe
in the server.