Escapes content for prevention of XSS (Cross Site Scripting) attacks.
npm install xss-escape#xss-escape
Escapes strings for safe insertion into html, and helps prevents cross site scripting attacks.
xss-escape escapes the following characters to their respective html character codes.
- & -> &
- < -> <
- > -> >
- " -> "
- ' -> '
- / -> /
* Note that xss-escape only protects data being used in the body of html elements.
It does not protect in other contexts such as html attribute or url contexts.
##In NodeJSnpm install xss-escape
``js`
var xssEscape = require('xss-escape');
var escapedString = xssEscape(unsafeString);
##In the Browser
`html`
##Can be used with nested objects or arrays.
`js`
var escapedObject = xssEscape({ a: 'foo', [{ b: 'bar' }, 'baz' ] });
##Run Tests
While in the project's root directory.
- npm install
-
or run tests on every file save.
- grunt watch
##Run Benchmarks
While in the project's root directory run.
- npm install
-