Escape HTML utils.
Install the module
npm install @wordpress/escape-htmlThis package assumes that your code will run in an ES2015+ environment. If you're using an environment that has limited or no support for ES2015+ such as lower versions of IE then using core-js or @babel/polyfill will add support for these methods. Learn more about it in Babel docs.
# escapeAmpersand
Returns a string with ampersands escaped. Note that this is an imperfect implementation, where only ampersands which do not appear as a pattern of named, decimal, or hexadecimal character references are escaped. Invalid named references (i.e. ambiguous ampersand) are are still permitted.
Related
- https://w3c.github.io/html/syntax.html#character-references
- https://w3c.github.io/html/syntax.html#ambiguous-ampersand
- https://w3c.github.io/html/syntax.html#named-character-references
Parameters
- value
string: Original string.
Returns
string: Escaped string.
# escapeAttribute
Returns an escaped attribute value.
Related
- https://w3c.github.io/html/syntax.html#elements-attributes "[...] the text cannot contain an ambiguous ampersand [...] must not contain any literal U+0022 QUOTATION MARK characters (")"
Note we also escape the greater than symbol, as this is used by wptexturize to split HTML strings. This is a WordPress specific fix
Note that if a resolution for Trac#45387 comes to fruition, it is no longer
necessary for __unstableEscapeGreaterThan to be used.
See: https://core.trac.wordpress.org/ticket/45387
Parameters
- value
string: Attribute value.
Returns
string: Escaped attribute value.
# escapeEditableHTML
Returns an escaped Editable HTML element value. This is different from
escapeHTML, because for editable HTML, ALL ampersands must be escaped in
order to render the content correctly on the page.
Parameters
- value
string: Element value.
Returns
string: Escaped HTML element value.
# escapeHTML
Returns an escaped HTML element value.
Related
- https://w3c.github.io/html/syntax.html#writing-html-documents-elements "the text must not contain the character U+003C LESS-THAN SIGN (<) or an ambiguous ampersand."
Parameters
- value
string: Element value.
Returns
string: Escaped HTML element value.
# escapeLessThan
Returns a string with less-than sign replaced.
Parameters
- value
string: Original string.
Returns
string: Escaped string.
# escapeQuotationMark
Returns a string with quotation marks replaced.
Parameters
- value
string: Original string.
Returns
string: Escaped string.
# isValidAttributeName
Returns true if the given attribute name is valid, or false otherwise.
Parameters
- name
string: Attribute name to test.
Returns
boolean: Whether attribute is valid.
