1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
# stringify-entities [![Build Status][build-badge]][build-status] [![Coverage Status][coverage-badge]][coverage-status]
Encode HTML character references and character entities.
* [x] Very fast;
* [x] Just the encoding part;
* [x] Reliable: ``'`'`` characters are escaped to ensure no scripts
run in IE6-8. Additionally, only named entities recognised by HTML4
are encoded, meaning the infamous `'` (which people think is a
[virus][]) won’t show up.
## Algorithm
By default, all dangerous, non-ASCII, or non-printable ASCII characters
are encoded. A [subset][] of characters can be given to encode just
those characters. Alternatively, pass [`escapeOnly`][escapeonly] to
escape just the dangerous characters (`"`, `'`, `<`, `>`, `&`, `` ` ``).
By default, numeric entities are used. Pass [`useNamedReferences`][named]
to use named entities when possible, or [`useShortestReferences`][short]
to use them if that results in less bytes.
## Installation
[npm][]:
```bash
npm install stringify-entities
```
## Usage
```js
var stringify = require('stringify-entities');
stringify('alpha © bravo ≠ charlie 𝌆 delta');
//=> 'alpha © bravo ≠ charlie 𝌆 delta'
stringify('alpha © bravo ≠ charlie 𝌆 delta', {useNamedReferences: true});
//=> 'alpha © bravo ≠ charlie 𝌆 delta'
```
## API
### `stringifyEntities(value[, options])`
Encode special characters in `value`.
##### `options`
###### `options.escapeOnly`
Whether to only escape possibly dangerous characters (`boolean`,
default: `false`). Those characters are `"`, `'`, `<`, `>` `&`, and
`` ` ``.
###### `options.subset`
Whether to only escape the given subset of characters (`Array.<string>`).
###### `options.useNamedReferences`
Whether to use named entities where possible (`boolean?`, default:
`false`).
###### `options.useShortestReferences`
Whether to use named entities, where possible, if that results in less
bytes (`boolean?`, default: `false`). **Note**: `useNamedReferences`
can be omitted when using `useShortestReferences`.
###### `options.omitOptionalSemicolons`
Whether to omit semi-colons when possible (`boolean?`, default: `false`).
**Note**: This creates parse errors: don’t use this except when building
a minifier.
Omitting semi-colons is possible for [certain][dangerous] [legacy][]
named references, and numeric entities, in some cases.
###### `options.attribute`
Only needed when operating dangerously with `omitOptionalSemicolons: true`.
Create entities which don’t fail in attributes (`boolean?`, default:
`false`).
## License
[MIT][license] © [Titus Wormer][author]
<!-- Definitions -->
[build-badge]: https://img.shields.io/travis/wooorm/stringify-entities.svg
[build-status]: https://travis-ci.org/wooorm/stringify-entities
[coverage-badge]: https://img.shields.io/codecov/c/github/wooorm/stringify-entities.svg
[coverage-status]: https://codecov.io/github/wooorm/stringify-entities
[license]: LICENSE
[author]: http://wooorm.com
[npm]: https://docs.npmjs.com/cli/install
[virus]: http://www.telegraph.co.uk/technology/advice/10516839/Why-do-some-apostrophes-get-replaced-with-andapos.html
[dangerous]: dangerous.json
[legacy]: https://github.com/wooorm/character-entities-legacy
[subset]: #optionssubset
[escapeonly]: #optionsescapeonly
[named]: #optionsusenamedreferences
[short]: #optionsuseshortestreferences
|
