Escape HTML

JavaScript, String, Regexp · Oct 13, 2021

Escapes a string for use in HTML.

Use String.prototype.replace() with a regexp that matches the characters that need to be escaped.
Use the callback function to replace each character instance with its associated escaped character using a dictionary object.

const escapeHTML = str =>
  str.replace(
    /[&<>'"]/g,
    tag =>
      ({
        '&': '&amp;',
        '<': '&lt;',
        '>': '&gt;',
        "'": '&#39;',
        '"': '&quot;'
      }[tag] || tag)
  );

escapeHTML('<a href="#">Me & you</a>');
// '&lt;a href=&quot;#&quot;&gt;Me &amp; you&lt;/a&gt;'

More like this

Unescape HTML
Unescapes escaped HTML characters.
JavaScript, String · Oct 22, 2020
Escape RegExp
Escapes a string to use in a regular expression.
JavaScript, String · Sep 15, 2020
Strip HTML tags
Removes HTML/XML tags from string.
JavaScript, String · Sep 15, 2020