HTML encoding is simply replacing the &, ", ', < and > chars with their entity equivalents. Order matters: if you don't replace the & chars first, you'll double encode some of the entities:

    if (!String.prototype.encodeHTML) {
      String.prototype.encodeHTML = function () {
        // '&' goes first so the '&' of the entities added below is not re-encoded
        return this.replace(/&/g, '&amp;')
                   .replace(/</g, '&lt;')
                   .replace(/>/g, '&gt;')
                   .replace(/"/g, '&quot;')
                   .replace(/'/g, '&apos;');
      };
    }

As @Johan B.W. de Vries pointed out, this will have issues with the tag names; I would like to clarify that I made the assumption that this was being used for the value only.
Conversely, if you want to decode HTML entities [1], make sure you decode &amp; to & after everything else so that you don't double decode any entities:

    if (!String.prototype.decodeHTML) {
      String.prototype.decodeHTML = function () {
        // '&amp;' goes last so a decoded '&' cannot combine into a new entity
        return this.replace(/&apos;/g, "'")
                   .replace(/&quot;/g, '"')
                   .replace(/&gt;/g, '>')
                   .replace(/&lt;/g, '<')
                   .replace(/&amp;/g, '&');
      };
    }

[1] just the basics, not including &copy; to © or other such things
As far as libraries are concerned, Underscore.js (or Lodash if you prefer) provides an _.escape method to perform this functionality.
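
The ordering pitfall described above, as an added example that is not part of the original answer. It swaps the chained replaces for a single-pass replace with a lookup map, so no output is ever re-scanned, and keeps two deliberately wrong-order variants for comparison. All function names and the sample string are assumptions made for illustration.

```javascript
// Added example; names are hypothetical, not from the original answer.
const TO_ENTITY = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };
const FROM_ENTITY = Object.fromEntries(
  Object.entries(TO_ENTITY).map(([ch, ent]) => [ent, ch]));

// Single pass: every input character is visited once, so the '&' of an
// entity that was just emitted can never be encoded a second time.
// The result is safe only as element text or inside a quoted attribute
// value, not as a tag name or attribute name.
function encodeHTML(text) {
  return String(text).replace(/[&<>"']/g, (ch) => TO_ENTITY[ch]);
}

// Single pass: '&amp;lt;' becomes the literal text '&lt;', not '<'.
function decodeHTML(html) {
  return String(html).replace(/&(?:amp|lt|gt|quot|apos);/g, (ent) => FROM_ENTITY[ent]);
}

// Wrong order, for comparison: '&' is replaced after '<', so the '&'
// of the fresh '&lt;' is encoded again (double encoding).
function encodeWrongOrder(text) {
  return String(text).replace(/</g, '&lt;').replace(/&/g, '&amp;');
}

// Wrong order, for comparison: '&amp;' is decoded before '&lt;', so text
// that was meant to display as '&lt;' turns into a real '<' (double decoding).
function decodeWrongOrder(html) {
  return String(html).replace(/&amp;/g, '&').replace(/&lt;/g, '<');
}

// Constructed sample input.
const sample = `Tom & Jerry's <b class="x">`;

console.log(encodeHTML(sample));
console.log(encodeWrongOrder('a < b'));    // double-encoded
console.log(decodeHTML('&amp;lt;'));       // literal text
console.log(decodeWrongOrder('&amp;lt;')); // double-decoded
```
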