hub / github.com/gchq/CyberChef / escapeHtml

Method escapeHtml

src/core/Utils.mjs:850–864

Escapes HTML tags in a string to stop them being rendered.
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

Null bytes are a special case and are converted to a character from the Unicode Private Use Area, which CyberChef will display as

(str)

Source from the content-addressed store, hash-verified

    /**
     * Utils.escapeHtml("A <script> tag");
     */
    static escapeHtml(str) {
        // Characters that are significant in HTML text and attribute values
        const HTML_CHARS = {
            "&": "&amp;",
            "<": "&lt;",
            ">": "&gt;",
            '"': "&quot;",
            "'": "&#x27;", // &apos; not recommended because it's not in the HTML spec
            "`": "&#x60;",
            "\u0000": "\ue000" // null byte -> Private Use Area character
        };

        // Falsy input (empty string, null, undefined) is returned unchanged
        return str ? str.replace(/[&<>"'`\u0000]/g, function (match) {
            return HTML_CHARS[match];
        }) : str;
    }

Callers 15

formatDirectory · Method · 0.80
formatContent · Method · 0.80
formatFile · Method · 0.80
objToTable · Function · 0.80
present · Method · 0.80
run · Method · 0.80
present · Method · 0.80
run · Method · 0.80
run · Method · 0.80
present · Method · 0.80
run · Method · 0.80

Calls

no outgoing calls

Tested by

no test coverage detected