encodehtml/index.js

escaping and unescaping HTML entities – commonly needed utils to prevent XSS attacks when rendering user generated content

/**
 * Escape special characters in the given string of html
 *
 * @param {String} html
 * @return {String}
 *
 */
module.exports = {
	escape: function(html){
		return String(html)
			.replace(/&/g, '&')
			.replace(/"/g, '"')
			.replace(/'/g, ''')
			.replace(/</g, '&lt;')
			.replace(/>/g, '&gt;');
	},

	/**
	 * Unescape special characters in the given string of html
	 *
	 * @param {String} html
	 * @return {String}
	 *
	 */
	unescape: function(html){
		return String(html)
			.replace(/&amp;/g, '&')
			.replace(/&quot;/g, '"')
			.replace(/&#39;/g, '\'')
			.replace(/&lt;/g, '<')
			.replace(/&gt;/g, '>');
	}
}