# lodash.escape

lodash.escape is the lodash method `_.escape` exported as a standalone module. It provides HTML entity escaping for strings to prevent XSS attacks by converting HTML special characters (&, <, >, ", ', `) to their corresponding HTML entities.

## Package Information

- **Package Name**: lodash.escape
- **Package Type**: npm
- **Language**: JavaScript
- **Installation**: `npm install lodash.escape`

## Core Imports

```javascript
const escape = require('lodash.escape');
```

For ES modules:

```javascript
import escape from 'lodash.escape';
```

## Basic Usage

```javascript
const escape = require('lodash.escape');

// Basic HTML escaping
const userInput = 'Hello <script>alert("XSS")</script> & welcome!';
const safeHtml = escape(userInput);
console.log(safeHtml);
// => 'Hello &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt; &amp; welcome!'

// Common use case: preparing data for HTML attributes
const userName = 'John "Johnny" O\'Malley';
const htmlAttribute = `<div data-user="${escape(userName)}">`;
// => '<div data-user="John &quot;Johnny&quot; O&#39;Malley">'
```

## Capabilities

### HTML Entity Escaping

Converts HTML special characters in strings to their corresponding HTML entities to prevent XSS attacks and ensure safe rendering in HTML contexts.

```javascript { .api }
/**
 * Converts the characters "&", "<", ">", '"', "'", and "`" in string to their corresponding HTML entities.
 * @param {string} [string=''] - The string to escape.
 * @returns {string} Returns the escaped string.
 */
function escape(string)
```

**Character Mappings:**

| Input Character | HTML Entity |
|-----------------|-------------|
| `&` | `&amp;` |
| `<` | `&lt;` |
| `>` | `&gt;` |
| `"` | `&quot;` |
| `'` | `&#39;` |
| `` ` `` | `&#96;` |

**Important Notes:**

- The forward slash `/` character is **not** escaped, as it doesn't require escaping in HTML
- Only the six specific characters listed above are converted to entities
- Null and undefined values are converted to empty strings
- Non-string inputs are automatically converted to strings before processing
- Performance optimized: only performs replacement if unescaped characters are detected

**Usage Examples:**

```javascript
const escape = require('lodash.escape');

// All escapable characters
escape('&<>"\'`');
// => '&amp;&lt;&gt;&quot;&#39;&#96;'

// Mixed content with unescapable characters
escape('Hello & goodbye/world');
// => 'Hello &amp; goodbye/world'

// Empty and null handling
escape(''); // => ''
escape(null); // => ''
escape(undefined); // => ''

// Non-string input
escape(123); // => '123'
escape(true); // => 'true'

// Strings with no escapable characters
escape('Hello world'); // => 'Hello world'

// Template usage
const templateData = {
  title: 'News & Updates',
  content: 'Check out our "latest" features!'
};

const html = `
<h1>${escape(templateData.title)}</h1>
<p>${escape(templateData.content)}</p>
`;
// Safe HTML output with escaped entities:
// => '\n<h1>News &amp; Updates</h1>\n<p>Check out our &quot;latest&quot; features!</p>\n'
```
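The following is an added example, not code from the lodash.escape package or the lodash project. It re-implements the six-character mapping documented above as `escapeHtml`, with the same null/undefined, non-string and no-op behaviour listed under Important Notes, so it runs without the package installed, and then uses it in a hypothetical `renderUserCard` renderer that places escaped values only in element text and double-quoted attribute values. The names `escapeHtml`, `renderUserCard`, `tagCharCount` and the `SAMPLE_USER` record are assumptions constructed for this example. One caveat to keep in mind when applying the package: this entity set makes a value safe as element text or inside a double-quoted attribute value; it does not by itself make a value safe inside a `<script>` block, a URL, an event-handler attribute or an unquoted attribute, each of which needs context-specific encoding.

```javascript
// Added example, not code from the lodash.escape package: a reference
// implementation of the documented six-character mapping, followed by a
// small renderer showing the two HTML contexts the mapping covers.

// The same character-to-entity table the package documents.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '`': '&#96;',
};

// The global regex drives the replace; its non-global twin is a cheap
// "is there anything to do?" test so clean strings are returned as-is.
const reUnescapedHtml = /[&<>"'`]/g;
const reHasUnescapedHtml = /[&<>"'`]/;

// Same contract as the documented escape(): null/undefined give '',
// other non-strings are stringified, and '/' is left untouched.
function escapeHtml(value) {
  const str = value == null ? '' : String(value);
  if (!reHasUnescapedHtml.test(str)) return str;
  return str.replace(reUnescapedHtml, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer: every interpolation is either element text or a
// double-quoted attribute value, which is exactly what this entity set
// makes safe. The field names are assumptions for this example.
function renderUserCard(user) {
  const name = escapeHtml(user.name);
  const bio = escapeHtml(user.bio);
  return `<div class="user" data-name="${name}"><h2>${name}</h2><p>${bio}</p></div>`;
}

// Defender-side check usable in a unit test: count raw '<' and '>' in the
// rendered fragment. For renderUserCard the template itself contributes
// exactly 6 of each, so any higher count means an unescaped value leaked.
function tagCharCount(fragment) {
  let open = 0;
  let close = 0;
  for (const ch of fragment) {
    if (ch === '<') open += 1;
    else if (ch === '>') close += 1;
  }
  return { open, close };
}

// Constructed sample input resembling a hostile profile submission.
const SAMPLE_USER = {
  name: 'John "Johnny" O\'Malley',
  bio: '</p><script>alert("XSS")</script> & welcome!/home',
};

console.log(renderUserCard(SAMPLE_USER));
console.log(tagCharCount(renderUserCard(SAMPLE_USER)));
```

Running the block prints the fragment with the closing `</p>` and the `<script>` element from the bio neutralised to `&lt;/p&gt;&lt;script&gt;...`, while the `/` in `/home` is preserved; `tagCharCount` reports six `<` and six `>`, all from the template's own markup, which is the property a rendering test should assert on.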

**Common Use Cases:**

- Escaping user input before rendering in HTML
- Preparing strings for HTML attributes (data-*, class names with quotes, etc.)
- Template rendering where HTML escaping is required
- API responses that will be inserted into DOM
- Form data processing for web applications
- Preventing XSS attacks in dynamic content