JavaScript htmlentities
Convert all applicable characters to HTML entities
    function htmlentities (string, quote_style) {
        // Convert all applicable characters to HTML entities
        //
        // version: 1008.1718
        // discuss at: http://phpjs.org/functions/htmlentities
        // +   original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
        // +    revised by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
        // +   improved by: nobbler
        // +    tweaked by: Jack
        // +   bugfixed by: Onno Marsman
        // +    revised by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
        // +    bugfixed by: Brett Zamir (http://brett-zamir.me)
        // +      input by: Ratheous
        // -    depends on: get_html_translation_table
        // *     example 1: htmlentities('Kevin & van Zonneveld');
        // *     returns 1: 'Kevin &amp; van Zonneveld'
        // *     example 2: htmlentities("foo'bar","ENT_QUOTES");
        // *     returns 2: 'foo&#039;bar'
        var hash_map = {}, symbol = '', tmp_str = '', entity = '';
        tmp_str = string.toString();

        if (false === (hash_map = this.get_html_translation_table('HTML_ENTITIES', quote_style))) {
            return false;
        }
        hash_map["'"] = '&#039;';
        for (symbol in hash_map) {
            entity = hash_map[symbol];
            tmp_str = tmp_str.split(symbol).join(entity);
        }

        return tmp_str;
    }
Examples
» Example 1
Running
    htmlentities('Kevin & van Zonneveld');
Should return
    'Kevin &amp; van Zonneveld'
» Example 2
Running
    htmlentities("foo'bar","ENT_QUOTES");
Should return
    'foo&#039;bar'
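The loop in htmlentities replaces one symbol at a time over the whole string, so its output depends on where '&' sits in the translation table: if '&' is handled after another symbol, the '&' of an entity already written is encoded a second time. The following is an added example, not php.js code; encodeSequential mirrors that loop, encodeSinglePass is one order-independent alternative, and the two tables are constructed stand-ins for get_html_translation_table.

```javascript
// Added example, not php.js code. Both tables are constructed stand-ins for
// get_html_translation_table(); they hold the same entries in different order.
const ampFirst = { '&': '&amp;', "'": '&#039;', '<': '&lt;', '>': '&gt;' };
const ampLast = { "'": '&#039;', '<': '&lt;', '>': '&gt;', '&': '&amp;' };

// Mirrors the split/join loop of htmlentities, with the table passed in.
// Each pass rescans the whole string, including entities already written.
function encodeSequential(input, table) {
  let out = String(input);
  for (const symbol of Object.keys(table)) {
    out = out.split(symbol).join(table[symbol]);
  }
  return out;
}

// Order-independent alternative: one pass over the input, so the '&' of an
// entity that was just written is never seen as input again.
// Assumes every key of the table is a single character.
function encodeSinglePass(input, table) {
  const members = Object.keys(table)
    .map((ch) => ch.replace(/[\\\]^-]/g, '\\$&')) // escape class metacharacters
    .join('');
  const pattern = new RegExp('[' + members + ']', 'g');
  return String(input).replace(pattern, (ch) => table[ch]);
}

// Print both encoders' results for each table order.
for (const [name, table] of [['ampFirst', ampFirst], ['ampLast', ampLast]]) {
  console.log(name, encodeSequential("foo'bar", table), encodeSinglePass("foo'bar", table));
}
```
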
Dependencies
In order to use this function, you also need: get_html_translation_table
Open syntax issues
php.js uses JsLint to help us keep our code consistent and prevent some common bugs.
Eventually we want all code to pass or at least take into consideration most fixes suggested by JsLint, following this JsLint configuration we’ve decided on.
Authors
Thanks to the following developers, you get to have htmlentities goodness in JavaScript.
@vikal: 1) Why do you want to convert it to an entity? If you are trying to filter user input on the client-side, doing it this way is not a safe way to do it, since people can get around it. You should use your database's own escape mechanisms instead (e.g., mysql_real_escape_string for MySQL). 2) If you do really want the entity form, you can use \ or \ , but there is no need to escape it in HTML or XML like this since a backslash is not reserved there.
Hi,
Though your function htmlentities() is good, we are now having a problem with this symbol: \
Do you have any idea how to convert it to HTML entities? Is there any solution so that I can change \ to HTML entities?
Hoping for the best here.
Regards,
vikal
@vikal: Does that mean you figured out the problem with the function? If you are still having trouble, please give a precise example where you see the problem. Thanks...
Hi,
Really good work that you people accomplished. So useful, and I am happy to use it.
Thanks.
Best regards,
vikal acharya
Hi,
I have used your code to convert <!----> into HTML entities, but it does not work, nor does it return what I need.
I have used your code as described in the examples, like this:
    function htmlentities (string) {
        // Convert all applicable characters to HTML entities
        //
        // version: 907.503
        // discuss at: http://phpjs.org/functions/htmlentities
        // +   original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
        // +    revised by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
        // +   improved by: nobbler
        // +    tweaked by: Jack
        // +   bugfixed by: Onno Marsman
        // +    revised by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
        // +    bugfixed by: Brett Zamir (http://brett-zamir.me)
        // +      input by: Ratheous
        // -    depends on: get_html_translation_table
        // *     example 1: htmlentities('Kevin & van Zonneveld');
        // *     returns 1: 'Kevin &amp; van Zonneveld'
        // *     example 2: htmlentities("foo'bar","ENT_QUOTES");
        // *     returns 2: 'foo&#039;bar'
        var hash_map = {}, symbol = '', tmp_str = '', entity = '';
        tmp_str = string.toString();
        if (false === (hash_map = this.get_html_translation_table('HTML_ENTITIES', 'ENT_COMPAT'))) {
            return false;
        }
        for (symbol in hash_map) {
            entity = hash_map[symbol];
            tmp_str = tmp_str.split(symbol).join(entity);
        }
        return tmp_str;
    }
including the function get_html_translation_table() as it is.
So would you mind telling me how it works?
Waiting for your response.
Best regards,
vikal acharya
@ Bjorn Roesbeke: I've added your testcase, but it succeeds. Are you sure you're running the latest version?
F.e. a single quote with entity &#039; isn't converted correctly.
    htmlentities("foo'bar","ENT_QUOTES");
will return foo&amp;#039;
Using 'var i' instead of only 'i' in the for loop could prevent overwriting a global 'i', even though no one should use it. But well, I did, and found another error that way, so it kinda helped me :)


austin
Jun 7th
In my case it's an email client, and I want to send them HTML that might be in an email, but I want to convert it to source by encoding all the tags but allow a function to put it out as actual HTML if the user agrees to it. Since I can't know what email IS and ISN'T safe for them to view, and since it's a browser-based email, it's even more dangerous as it runs in the context of that page. I would just strip ALL HTML, but some I need (such as the HTML reports made by svnnotify; they just don't look the same when you strip the tags).
But you are correct, this should NOT be used for client-side sanitization. Nothing from a client should be considered secure.