0.0.6 • Published 9 years ago

xss-escape v0.0.6

Weekly downloads
1,990
License
MIT
Repository
github
Last release
9 years ago

#xss-escape

Escapes strings for safe insertion into html, and helps prevents cross site scripting attacks.

xss-escape escapes the following characters to their respective html character codes.

  • & -> &
  • < -> &lt;
  • > -> &gt;
  • " -> &quot;
  • ' -> &#x27;
  • / -> &#x2F;
  • Note that xss-escape only protects data being used in the body of html elements. It does not protect in other contexts such as html attribute or url contexts.

##In NodeJS npm install xss-escape

var xssEscape = require('xss-escape');
var escapedString = xssEscape(unsafeString);

##In the Browser

<script src="path/to/xss-escape.js"></script>
<script>
    var escapedString = xssEscape(unsafeString);
</script>

##Can be used with nested objects or arrays.

var escapedObject = xssEscape({ a: 'foo', [{ b: 'bar' }, 'baz' ] });

##Run Tests While in the project's root directory.

  • npm install
  • nodeunit test.js

or run tests on every file save.

  • grunt watch

##Run Benchmarks While in the project's root directory run.

  • npm install
  • grunt benchmark
xssescapesanitizationsecurityinjectionentitieshtmlscriptingattack
@everything-registry/sub-chunk-3189My1ink@infinitebrahmanuniverse/nolb-xs
0.0.6

9 years ago

0.0.5

10 years ago

0.0.4

10 years ago

0.0.3

10 years ago

0.0.2

10 years ago

0.0.1

10 years ago

0.0.0

10 years ago