b0nes
Zero-dependency component library and SSR/SSG framework
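/**
 * Escapes a string for use inside a quoted HTML attribute value.
 * Stricter than escapeHtml, suitable for attribute contexts.
 *
 * Replaces `&`, `<`, `>`, `"`, `'` and `/` with HTML entities. Non-string
 * input (including numbers, null and undefined) yields an empty string.
 *
 * Security note: the result is only safe when the attribute value is wrapped
 * in quotes in the template. Escaping does not validate URL schemes for
 * attributes such as href/src, and it does not make the contents of
 * event-handler attributes safe; those need their own validation.
 *
 * @param {string} value - The attribute value to escape
 * @returns {string} The escaped attribute value, or '' for non-string input
 * @example
 * escapeAttr('onclick="alert(1)"')
 * // Returns: 'onclick=&quot;alert(1)&quot;'
 */
export const escapeAttr = (value) => {
  if (typeof value !== 'string') {
    return '';
  }
  return value
    // '&' must be replaced first so the entities produced below are not
    // escaped a second time.
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;')
    .replace(/\//g, '&#x2F;');
};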