html
- Description:
- Provides methods for HTML encoding and decoding. The functions in this namespace convert special characters such as `<`, `>`, and `&` into their corresponding HTML entities and back, so that strings can be used safely in HTML contexts. Use them to escape user input before displaying it in a web page, which prevents XSS (Cross-Site Scripting) attacks.
Methods
(static) decode(encodedString) → {string}
- Description:
- Decodes an HTML encoded string back to its original form.
Example
const decoded = html.decode('&lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;');
console.log(decoded); // Outputs: <script>alert("XSS")</script>
Parameters:
Name | Type | Description |
---|---|---|
encodedString | string | The HTML encoded string to decode. |
Returns:
The decoded string.
- Type
- string
(static) encode(inputString) → {string}
- Description:
- Encodes a string for safe HTML display.
Example
const encoded = html.encode('<script>alert("XSS")</script>');
console.log(encoded); // Outputs: &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;
Parameters:
Name | Type | Description |
---|---|---|
inputString | string | The string to encode. |
Returns:
The HTML encoded string.
- Type
- string
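The following added example (not code from this library) shows the encode-on-output pattern the description refers to, and why decoding must be a single pass. The `encode` and `decode` functions are stand-ins for `html.encode` and `html.decode`; the entity set for quotes, `renderComment`, and `naiveDecode` are assumptions made for illustration.

```javascript
// Stand-ins for the documented html.encode / html.decode.
// Assumed behaviour; the library's real entity set may differ.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const REVERSE = Object.fromEntries(
  Object.entries(ENTITIES).map(([ch, entity]) => [entity, ch])
);

function encode(inputString) {
  // One pass over the input, so an '&' emitted as part of an entity
  // is never encoded a second time.
  return String(inputString).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

function decode(encodedString) {
  // One pass: the text "&amp;lt;" decodes to "&lt;", not to "<".
  return String(encodedString).replace(
    /&(?:amp|lt|gt|quot|#39);/g,
    (entity) => REVERSE[entity]
  );
}

// Buggy variant for comparison: sequential replaces decode twice,
// turning text that was meant to be displayed literally back into markup.
function naiveDecode(encodedString) {
  return String(encodedString)
    .replace(/&amp;/g, '&')
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>');
}

// Hypothetical render helper: encode at the point of output into HTML.
function renderComment(userText) {
  return `<p class="comment">${encode(userText)}</p>`;
}

// Constructed sample input, reusing the string from the examples above.
const userText = '<script>alert("XSS")</script> Tom & Jerry';
console.log(renderComment(userText));
console.log(decode(encode(userText)) === userText); // round trip
console.log(decode('&amp;lt;'), 'vs', naiveDecode('&amp;lt;'));
```

A decoded string is raw markup again, so it has to be re-encoded before it is written into a page.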