mathiasbynens / he

A robust HTML entity encoder/decoder written in JavaScript.
https://mths.be/he
MIT License

Alternatives in the browser? #24

Closed bevacqua closed 10 years ago

bevacqua commented 10 years ago

Hey, I'm looking for alternatives to he for the browser; any recommendations? It's just for UX, I'd still be using he on the server.

bevacqua commented 10 years ago

I wrote this as an alternative:

https://gist.github.com/bevacqua/83d98737ffd3b5509212

If you want, I could add it to the package.json and create a pull request.

mathiasbynens commented 10 years ago

As stated in the README, he works just fine in browser environments. Why would you need an alternative?

Your alternative is vulnerable to XSS (decodeHtml), and even disregarding that, the code is not equivalent to he’s intended functionality. See https://github.com/mathiasbynens/he/issues/18 for more information.

bevacqua commented 10 years ago

Thanks for the heads-up on using a <textarea> instead. I know it works just fine in the browser, but I wanted a non-fat version since it's just for markdown previews, and the HTML is never sent to the server; the markdown is rendered again on the server side using he.

mathiasbynens commented 10 years ago

So you just want he.escape then, i.e., only escape unsafe characters? You could use _.escape then.
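The escape-only path the last two comments arrive at, alongside a decoder that avoids the innerHTML pitfall raised earlier in the thread, as an added example that is neither he's code nor taken from the linked gist; `escapeHtml`, `decodeHtml` and `decodeHtmlInBrowser` are names chosen here, and the named-reference table is deliberately tiny.

```javascript
// Added example, not he's source. escapeHtml covers the same characters as
// he.escape (& < > " ' `); decodeHtml reverses it without touching the DOM.

const ESCAPE_MAP = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '`': '&#x60;',
};

// Escape only the characters that change HTML structure, so the result is
// safe inside text nodes and quoted attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => ESCAPE_MAP[ch]);
}

// Minimal named references; the full HTML table has over 2000 entries.
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Decode character references by string replacement only. No DOM node is
// ever created, so any markup in the input stays plain text.
function decodeHtml(html) {
  return String(html).replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+);/g, (m, ref) => {
    if (ref[0] !== '#') return hasOwn(NAMED, ref) ? NAMED[ref] : m; // unknown: keep
    const cp = (ref[1] === 'x' || ref[1] === 'X')
      ? parseInt(ref.slice(2), 16) : parseInt(ref.slice(1), 10);
    // Null, surrogates and out-of-range code points become U+FFFD, as in the spec.
    if (cp === 0 || (cp >= 0xd800 && cp <= 0xdfff) || cp > 0x10ffff) return '\ufffd';
    return String.fromCodePoint(cp);
  });
}

// Browser-only variant suggested in the thread: a <textarea> parses its
// content as text (RCDATA), so unlike innerHTML on a div no element is
// created and no event handler can fire. Guarded so the file loads under Node.
function decodeHtmlInBrowser(html) {
  if (typeof document === 'undefined') throw new Error('requires a DOM');
  const ta = document.createElement('textarea');
  ta.innerHTML = html;
  return ta.value;
}

// Round trip on a constructed markdown-preview style input.
const sample = '<a href="x">Tom & "Jerry"</a> `code`';
escapeHtml(sample);
// → '&lt;a href=&quot;x&quot;&gt;Tom &amp; &quot;Jerry&quot;&lt;/a&gt; &#x60;code&#x60;'
decodeHtml(escapeHtml(sample)) === sample; // true
```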