README
xss-escape
Escapes strings for safe insertion into html, and helps prevents cross site scripting attacks.
xss-escape escapes the following characters to their respective html character codes.
- & -> &
- < -> <
- > -> >
- " -> "
- ' -> '
- / -> /
- Note that xss-escape only protects data being used in the body of html elements. It does not protect in other contexts such as html attribute or url contexts.
In NodeJS
npm install xss-escape
var xssEscape = require('xss-escape');
var escapedString = xssEscape(unsafeString);
In the Browser
<script src="path/to/xss-escape.js"></script>
<script>
var escapedString = xssEscape(unsafeString);
</script>
Can be used with nested objects or arrays.
var escapedObject = xssEscape({ a: 'foo', [{ b: 'bar' }, 'baz' ] });
Run Tests
While in the project's root directory.
npm install
nodeunit test.js
or run tests on every file save.
grunt watch
Run Benchmarks
While in the project's root directory run.
npm install
grunt benchmark