src/lib/ui/html-utils.ts
Symbols by Kind
function
3
All Symbols
| Name | Kind | Visibility | Status | Lines | Signature |
|---|---|---|---|---|---|
| escapeHtml | function | exported | - | 6-11 | `escapeHtml(text: string \| undefined \| null): string` |
| escHtml | function | exported | - | 17-23 | `escHtml(s: string): string` |
| escapeAttr | function | exported | - | 26-33 | `escapeAttr(text: string): string` |
Full Source
/**
* Shared HTML utility functions used across popup and devtools panel.
*/
/**
 * Escapes text for insertion as HTML element content, using the DOM's own
 * serializer (requires a `document`).
 *
 * The value is assigned to a detached element's `textContent` and read back
 * through `innerHTML`. Text-node serialization escapes `&`, `<` and `>` but
 * leaves `"` and `'` untouched, so the result is NOT safe inside an attribute
 * value; use `escapeAttr` for that context.
 *
 * @param text - Untrusted text; `null`, `undefined` and `""` all yield `""`.
 * @returns The text with markup-significant characters entity-encoded.
 */
export function escapeHtml(text: string | undefined | null): string {
  // Every falsy input (null, undefined, empty string) maps to the empty string.
  if (text === null || text === undefined || text === "") {
    return "";
  }

  // Detached scratch element: never attached to the page, used only to serialize.
  const scratch = document.createElement("div");
  scratch.textContent = text;
  return scratch.innerHTML;
}
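/**
 * Escapes `&`, `<`, `>` and `"` with plain string replacement, so it works
 * where no DOM is available (e.g. content scripts).
 *
 * Safe for element content and for attribute values wrapped in DOUBLE quotes.
 * The single quote is deliberately left alone, so the result must not be
 * placed in a single-quoted or unquoted attribute value; use `escapeAttr`
 * there.
 *
 * @param s - Untrusted text to encode.
 * @returns The text with the four characters replaced by entity references.
 */
export function escHtml(s: string): string {
  return (
    s
      // `&` must be replaced first, otherwise the entities produced below
      // would themselves be re-escaped.
      .replace(/&/g, "&amp;")
      .replace(/</g, "&lt;")
      .replace(/>/g, "&gt;")
      .replace(/"/g, "&quot;")
  );
}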
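/**
 * Escapes text for use inside a QUOTED HTML attribute value.
 *
 * Encodes `&`, `"`, `'`, `<` and `>`, so the result cannot close either a
 * single- or a double-quoted attribute. It does not protect unquoted
 * attribute values, and it does not validate the value itself: a URL placed
 * in `href`/`src` still needs its scheme checked separately.
 *
 * @param text - Untrusted text to encode.
 * @returns The text with the five characters replaced by entity references.
 */
export function escapeAttr(text: string): string {
  return (
    text
      // `&` must be replaced first, otherwise the entities produced below
      // would themselves be re-escaped.
      .replace(/&/g, "&amp;")
      .replace(/"/g, "&quot;")
      .replace(/'/g, "&#39;")
      .replace(/</g, "&lt;")
      .replace(/>/g, "&gt;")
  );
}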