0.0.7 • Published 8 years ago

xss-escape2 v0.0.7

Weekly downloads
4
License
MIT
Repository
github
Last release
8 years ago

#xss-escape2

Escapes strings for safe insertion into html, and helps prevents cross site scripting attacks.

xss-escape2 escapes the following characters to their respective html character codes.

  • & -> &
  • < -> &lt;
  • > -> &gt;
  • " -> &quot;
  • ' -> &#x27;
  • / -> &#x2F;
  • Note that xss-escape2 only protects data being used in the body of html elements. It does not protect in other contexts such as html attribute or url contexts.

##In NodeJS npm install xss-escape2

var xssEscape = require('xss-escape2');
var escapedString = xssEscape(unsafeString);

##In the Browser

<script src="path/to/xss-escape2.js"></script>
<script>
    var escapedString = xssEscape(unsafeString);
</script>

##Can be used with nested objects or arrays.

var escapedObject = xssEscape({ a: 'foo', [{ b: 'bar' }, 'baz' ] });

##Run Tests While in the project's root directory.

  • npm install
  • nodeunit test.js

or run tests on every file save.

  • grunt watch

##Run Benchmarks While in the project's root directory run.

  • npm install
  • grunt benchmark
xssescapesanitizationsecurityinjectionentitieshtmlscriptingattack
@everything-registry/sub-chunk-3189@infinitebrahmanuniverse/nolb-xs
0.0.7

8 years ago

0.0.6

8 years ago