tessl/npm-html-entities
High-performance HTML entities encoding and decoding library for JavaScript/TypeScript applications.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
To install, run
npx @tessl/cli install tessl/npm-html-entities@2.6.0index.mddocs/
HTML Entities
HTML Entities is a high-performance library for encoding and decoding HTML entities in JavaScript and TypeScript applications. It provides comprehensive entity handling with support for HTML5, HTML4, and XML standards, featuring multiple encoding modes and decoding scopes to match browser behavior.
Package Information
- Package Name: html-entities
- Package Type: npm
- Language: TypeScript
- Installation:
npm install html-entities
Core Imports
import { encode, decode, decodeEntity } from "html-entities";
import type { EncodeOptions, DecodeOptions, Level, EncodeMode, DecodeScope } from "html-entities";For CommonJS:
const { encode, decode, decodeEntity } = require("html-entities");Basic Usage
import { encode, decode, decodeEntity } from "html-entities";
// Basic encoding - HTML special characters only
const encoded = encode('< > " \' & © ∆');
// Result: '< > " ' & © ∆'
// Basic decoding - all entities
const decoded = decode('< > " ' & © ∆');
// Result: '< > " \' & © ∆'
// Single entity decoding
const singleDecoded = decodeEntity('<');
// Result: '<'
// Advanced encoding with options
const advancedEncoded = encode('< ©', { mode: 'nonAsciiPrintable' });
// Result: '< ©'
// XML-specific encoding
const xmlEncoded = encode('< ©', { mode: 'nonAsciiPrintable', level: 'xml' });
// Result: '< ©'Architecture
HTML Entities is built around three core functions with extensive configuration options:
- encode(): Converts characters to HTML entities with configurable encoding modes and entity levels
- decode(): Converts HTML entities back to characters with configurable scopes and levels
- decodeEntity(): Handles individual entity decoding with level configuration
- Type System: Complete TypeScript definitions with strict typing for all options and return values
- Performance Optimization: Pre-compiled regular expressions and entity mappings for maximum speed
Capabilities
HTML Entity Encoding
Encodes text by replacing characters with their corresponding HTML entities. Supports multiple encoding modes from basic HTML special characters to comprehensive character encoding.
/**
* Encodes all the necessary (specified by level) characters in the text
* @param text - Text to encode (supports null/undefined, returns empty string)
* @param options - Encoding configuration options
* @returns Encoded text with HTML entities
*/
function encode(
text: string | undefined | null,
options?: EncodeOptions
): string;
interface EncodeOptions {
/** Encoding mode - determines which characters to encode */
mode?: EncodeMode;
/** Numeric format for character codes */
numeric?: 'decimal' | 'hexadecimal';
/** Entity level/standard to use */
level?: Level;
}
type EncodeMode =
| 'specialChars' // Only HTML special characters (<>&"')
| 'nonAscii' // Special chars + all non-ASCII characters
| 'nonAsciiPrintable' // Special chars + non-ASCII + non-printable ASCII
| 'nonAsciiPrintableOnly' // Only non-ASCII printable (keeps HTML special chars intact)
| 'extensive'; // All non-printable, non-ASCII, and characters with named references
type Level = 'xml' | 'html4' | 'html5' | 'all';Usage Examples:
import { encode } from "html-entities";
// Basic HTML escaping
const basic = encode('<script>alert("XSS")</script>');
// Result: '<script>alert("XSS")</script>'
// Non-ASCII character encoding
const nonAscii = encode('Hello 世界 © 2023', { mode: 'nonAscii' });
// Result: 'Hello 世界 © 2023'
// XML-only entities
const xmlOnly = encode('< > " \' &', { level: 'xml' });
// Result: '< > " ' &'
// Hexadecimal numeric entities
const hexEntities = encode('© ∆', { mode: 'nonAscii', numeric: 'hexadecimal' });
// Result: '© ∆'HTML Entity Decoding
Decodes HTML entities back to their original characters. Supports different decoding scopes to match browser parsing behavior in different contexts.
/**
* Decodes all entities in the text
* @param text - Text containing HTML entities to decode
* @param options - Decoding configuration options
* @returns Decoded text with entities converted to characters
*/
function decode(
text: string | undefined | null,
options?: DecodeOptions
): string;
interface DecodeOptions {
/** Entity level/standard to recognize */
level?: Level;
/** Decoding scope - affects handling of entities without semicolons */
scope?: DecodeScope;
}
type DecodeScope =
| 'body' // Browser behavior in tag bodies (entities without semicolon replaced)
| 'attribute' // Browser behavior in attributes (entities without semicolon when not followed by =)
| 'strict'; // Only entities with semicolonsUsage Examples:
import { decode } from "html-entities";
// Basic decoding
const basic = decode('<script>alert("XSS")</script>');
// Result: '<script>alert("XSS")</script>'
// Mixed named and numeric entities
const mixed = decode('© © © ∆');
// Result: '© © © ∆'
// Strict decoding - only entities with semicolons
const strict = decode('< >', { scope: 'strict' });
// Result: '< >' (unchanged - no semicolons)
// Body scope - entities without semicolons decoded
const body = decode('< >');
// Result: '< >' (decoded despite missing semicolons)
// XML level - only XML entities recognized
const xmlLevel = decode('© < &', { level: 'xml' });
// Result: '© < &' (copyright not decoded in XML)Single Entity Decoding
Decodes individual HTML entities, useful for processing single entities or building custom decoders.
/**
* Decodes a single entity
* @param entity - Single HTML entity to decode (e.g., '<', '©')
* @param options - Decoding configuration options
* @returns Decoded character or original entity if unknown
*/
function decodeEntity(
entity: string | undefined | null,
options?: CommonOptions
): string;
interface CommonOptions {
/** Entity level/standard to use for recognition */
level?: Level;
}Usage Examples:
import { decodeEntity } from "html-entities";
// Named entity decoding
const named = decodeEntity('<');
// Result: '<'
// Numeric entity decoding
const numeric = decodeEntity('©');
// Result: '©'
// Hexadecimal entity decoding
const hex = decodeEntity('©');
// Result: '©'
// Unknown entity (left unchanged)
const unknown = decodeEntity('&unknownentity;');
// Result: '&unknownentity;'
// Level-specific decoding
const xmlOnly = decodeEntity('©', { level: 'xml' });
// Result: '©' (unchanged - not an XML entity)
const htmlDecoded = decodeEntity('©', { level: 'html5' });
// Result: '©'Types
// Main configuration types
type Level = 'xml' | 'html4' | 'html5' | 'all';
type EncodeMode =
| 'specialChars' // HTML special characters only: <>&"'
| 'nonAscii' // Special chars + non-ASCII characters
| 'nonAsciiPrintable' // Special chars + non-ASCII + non-printable ASCII
| 'nonAsciiPrintableOnly' // Non-ASCII printable only (preserves HTML special chars)
| 'extensive'; // Comprehensive encoding of special characters
type DecodeScope =
| 'strict' // Only entities ending with semicolon
| 'body' // Browser body parsing (loose semicolon handling)
| 'attribute'; // Browser attribute parsing (semicolon handling with = check)
// Options interfaces
interface EncodeOptions {
mode?: EncodeMode; // Default: 'specialChars'
numeric?: 'decimal' | 'hexadecimal'; // Default: 'decimal'
level?: Level; // Default: 'all'
}
interface DecodeOptions {
level?: Level; // Default: 'all'
scope?: DecodeScope; // Default: 'body' (or 'strict' for XML level)
}
interface CommonOptions {
level?: Level; // Default: 'all'
}Error Handling
- Null/undefined inputs: Return empty string
- Unknown entities: Left unchanged during decoding
- Invalid numeric entities: Return Unicode replacement character (�) for out-of-bounds values
- Numeric overflow: Values >= 0x10FFFF return replacement character
- Surrogate pairs: Properly handled for characters > 65535
- Malformed entities: Invalid syntax left unchanged