xml.ts
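/**
 * Escape XML/HTML special characters for safe interpolation into element
 * text content (between tags). Use when untrusted strings (process stdout,
 * user input, external data) go inside `<tag>${here}</tag>`.
 *
 * Only `&`, `<` and `>` are rewritten. Quotes are left as-is, so the result
 * is NOT safe inside an attribute value; use {@link escapeXmlAttr} there.
 * Characters that are illegal in XML 1.0 (most C0 control characters) are
 * passed through unchanged.
 *
 * @param s - Untrusted text to embed as element content.
 * @returns `s` with `&`, `<` and `>` replaced by their entity references.
 */
export function escapeXml(s: string): string {
  // `&` must be handled first; otherwise the ampersands introduced by the
  // `&lt;` / `&gt;` replacements would themselves be escaped again.
  return s
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
}

/**
 * Escape for interpolation into a double- or single-quoted attribute value:
 * `<tag attr="${here}">`. Escapes quotes in addition to `& < >`.
 *
 * The attribute value must be quoted in the surrounding template; this does
 * not make a string safe in an unquoted attribute, and it does not validate
 * URL schemes or script/style content placed in an attribute.
 *
 * @param s - Untrusted text to embed as a quoted attribute value.
 * @returns `s` with `&`, `<`, `>`, `"` and `'` replaced by entity references.
 */
export function escapeXmlAttr(s: string): string {
  // `&apos;` is predefined in XML and HTML5 but not in HTML 4; switch to
  // `&#39;` if output must be read by legacy HTML parsers.
  return escapeXml(s)
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&apos;')
}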