(text: string | string[])
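/**
 * Escape the five HTML-significant characters so that untrusted text can be
 * placed in HTML element content or inside a quoted attribute value without
 * being parsed as markup.
 *
 * Context caveat: this encoding covers HTML text and quoted-attribute
 * contexts only. It does not make a value safe inside an unquoted attribute,
 * a `<script>` or `<style>` block, an inline event handler, or a URL
 * attribute such as `href`/`src`; those contexts need their own encoding or
 * validation.
 *
 * @param text - A string, or an array of strings. Array items are escaped
 *   individually and joined with ", ".
 * @returns The escaped string.
 */
export function escapeHtml(text: string | string[]): string {
  if (Array.isArray(text)) {
    return text.map((item) => escapeHtml(item)).join(", ");
  }

  return text
    // "&" must be replaced first; otherwise the ampersands introduced by the
    // entities below would themselves be escaped a second time.
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    // Both quote styles are encoded so the result stays inside a quoted
    // attribute value regardless of which quote character delimits it.
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}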
| 373 | |
| 374 | /** |
| 375 | * Validate and sanitize URLs to prevent XSS attacks |
no outgoing calls
no test coverage detected