tessl/npm-lodash--escape

The lodash method _.escape exported as a standalone module for converting HTML entities in strings

Workspace: tessl
Visibility: Public
Describes: npmpkg:npm/lodash.escape@3.2.x

To install, run

npx @tessl/cli install tessl/npm-lodash--escape@3.2.0


lodash.escape

lodash.escape is the lodash method _.escape exported as a standalone module. It provides HTML entity escaping for strings to prevent XSS attacks by converting HTML special characters (&, <, >, ", ', `) to their corresponding HTML entities.

Package Information

  • Package Name: lodash.escape
  • Package Type: npm
  • Language: JavaScript
  • Installation: npm install lodash.escape

Core Imports

const escape = require('lodash.escape');

For ES modules:

import escape from 'lodash.escape';

Basic Usage

const escape = require('lodash.escape');

// Basic HTML escaping
const userInput = 'Hello <script>alert("XSS")</script> & welcome!';
const safeHtml = escape(userInput);
console.log(safeHtml);
// => 'Hello &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt; &amp; welcome!'

// Common use case: preparing data for HTML attributes
const userName = 'John "Johnny" O\'Malley';
const htmlAttribute = `<div data-user="${escape(userName)}">`;
// => '<div data-user="John &quot;Johnny&quot; O&#39;Malley">'

Capabilities

HTML Entity Escaping

Converts HTML special characters in strings to their corresponding HTML entities to prevent XSS attacks and ensure safe rendering in HTML contexts.

/**
 * Converts the characters "&", "<", ">", '"', "'", and "`" in string to their corresponding HTML entities.
 * @param {string} [string=''] - The string to escape.
 * @returns {string} Returns the escaped string.
 */
function escape(string)

Character Mappings:

Input Character    HTML Entity
&                  &amp;
<                  &lt;
>                  &gt;
"                  &quot;
'                  &#39;
`                  &#96;

Important Notes:

  • The forward slash / character is not escaped, as it doesn't require escaping in HTML
  • Only the six specific characters listed above are converted to entities
  • Null and undefined values are converted to empty strings
  • Non-string inputs are automatically converted to strings before processing
  • Performance optimized: only performs replacement if unescaped characters are detected

Usage Examples:

const escape = require('lodash.escape');

// All escapable characters
escape('&<>"\'`');
// => '&amp;&lt;&gt;&quot;&#39;&#96;'

// Mixed content including a character that is not escaped (/)
escape('Hello & goodbye/world');
// => 'Hello &amp; goodbye/world'

// Empty and null handling
escape('');        // => ''
escape(null);      // => ''
escape(undefined); // => ''

// Non-string input
escape(123);       // => '123'
escape(true);      // => 'true'

// Strings with no escapable characters
escape('Hello world'); // => 'Hello world'

// Template usage
const templateData = {
  title: 'News & Updates',
  content: 'Check out our "latest" features!'
};

const html = `
  <h1>${escape(templateData.title)}</h1>
  <p>${escape(templateData.content)}</p>
`;
// Safe HTML output with escaped entities

Common Use Cases:

  • Escaping user input before rendering in HTML
  • Preparing strings for HTML attributes (data-*, class names with quotes, etc.)
  • Template rendering where HTML escaping is required
  • API responses that will be inserted into DOM
  • Form data processing for web applications
  • Preventing XSS attacks in dynamic content
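
Whether the use cases above are covered depends on where the escaped string lands in the markup. The following is an added example, not part of the package or its documentation: escapeHtml is a local stand-in for lodash.escape built from the six-character mapping listed above, and attr and safeHref are hypothetical helpers showing the mapping applied to a quoted attribute value and to a link target whose scheme is checked first.

```javascript
// Added example. escapeHtml is a local stand-in for lodash.escape (same six-character
// mapping as the table above) so the file runs without installing the package.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' };
const UNESCAPED = /[&<>"'`]/g;
const HAS_UNESCAPED = /[&<>"'`]/; // non-global copy: .test() keeps no lastIndex state

function escapeHtml(value) {
  const s = value == null ? '' : String(value);
  return HAS_UNESCAPED.test(s) ? s.replace(UNESCAPED, (ch) => ENTITIES[ch]) : s;
}

// Hypothetical helper: always double-quote attribute values. The mapping leaves
// spaces and "=" alone, so an unquoted value could still start a new attribute.
function attr(name, value) {
  return `${name}="${escapeHtml(value)}"`;
}

// Hypothetical helper: entity escaping does not alter a URL scheme, so link
// targets are checked against an allow-list first, then escaped.
const ALLOWED_SCHEMES = ['http:', 'https:', 'mailto:'];
function safeHref(url) {
  let parsed;
  try {
    parsed = new URL(String(url), 'https://placeholder.invalid/'); // base resolves relative links
  } catch {
    return '#';
  }
  return ALLOWED_SCHEMES.includes(parsed.protocol) ? escapeHtml(url) : '#';
}

// Constructed sample input.
const user = { name: 'Ann class=admin', site: 'javascript:void(0)', page: '/u?id=7&tab=2' };
console.log(`<span ${attr('title', user.name)}>`);        // <span title="Ann class=admin">
console.log(`<a href="${safeHref(user.site)}">site</a>`); // <a href="#">site</a>
console.log(`<a href="${safeHref(user.page)}">page</a>`); // <a href="/u?id=7&amp;tab=2">page</a>
console.log(escapeHtml(escapeHtml('a & b')));             // a &amp;amp; b (escaping twice double-encodes)
```

Escape once, at the point of output, so stored data is never double-encoded.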