# Escape HTML

Escape HTML utils.

## Installation

Install the module

```bash
npm install @wordpress/escape-html
```

_This package assumes that your code will run in an **ES2015+** environment. If you're using an environment that has limited or no support for ES2015+ such as lower versions of IE then using [core-js](https://github.com/zloirock/core-js) or [@babel/polyfill](https://babeljs.io/docs/en/next/babel-polyfill) will add support for these methods. Learn more about it in [Babel docs](https://babeljs.io/docs/en/next/caveats)._

## API

<!-- START TOKEN(Autogenerated API docs) -->

<a name="escapeAmpersand" href="#escapeAmpersand">#</a> **escapeAmpersand**

Returns a string with ampersands escaped. Note that this is an imperfect
implementation, where only ampersands which do not appear as a pattern of
named, decimal, or hexadecimal character references are escaped. Invalid
named references (i.e. ambiguous ampersand) are are still permitted.

_Related_

-   <https://w3c.github.io/html/syntax.html#character-references>
-   <https://w3c.github.io/html/syntax.html#ambiguous-ampersand>
-   <https://w3c.github.io/html/syntax.html#named-character-references>

_Parameters_

-   _value_ `string`: Original string.

_Returns_

-   `string`: Escaped string.

<a name="escapeAttribute" href="#escapeAttribute">#</a> **escapeAttribute**

Returns an escaped attribute value.

_Related_

-   <https://w3c.github.io/html/syntax.html#elements-attributes> "[...] the text cannot contain an ambiguous ampersand [...] must not contain
    any literal U+0022 QUOTATION MARK characters (")"

Note we also escape the greater than symbol, as this is used by wptexturize to
split HTML strings. This is a WordPress specific fix

Note that if a resolution for Trac#45387 comes to fruition, it is no longer
necessary for `__unstableEscapeGreaterThan` to be used.

See: <https://core.trac.wordpress.org/ticket/45387>

_Parameters_

-   _value_ `string`: Attribute value.

_Returns_

-   `string`: Escaped attribute value.

<a name="escapeEditableHTML" href="#escapeEditableHTML">#</a> **escapeEditableHTML**

Returns an escaped Editable HTML element value. This is different from
`escapeHTML`, because for editable HTML, ALL ampersands must be escaped in
order to render the content correctly on the page.

_Parameters_

-   _value_ `string`: Element value.

_Returns_

-   `string`: Escaped HTML element value.

<a name="escapeHTML" href="#escapeHTML">#</a> **escapeHTML**

Returns an escaped HTML element value.

_Related_

-   <https://w3c.github.io/html/syntax.html#writing-html-documents-elements> "the text must not contain the character U+003C LESS-THAN SIGN (\<) or an
    ambiguous ampersand."

_Parameters_

-   _value_ `string`: Element value.

_Returns_

-   `string`: Escaped HTML element value.

<a name="escapeLessThan" href="#escapeLessThan">#</a> **escapeLessThan**

Returns a string with less-than sign replaced.

_Parameters_

-   _value_ `string`: Original string.

_Returns_

-   `string`: Escaped string.

<a name="escapeQuotationMark" href="#escapeQuotationMark">#</a> **escapeQuotationMark**

Returns a string with quotation marks replaced.

_Parameters_

-   _value_ `string`: Original string.

_Returns_

-   `string`: Escaped string.

<a name="isValidAttributeName" href="#isValidAttributeName">#</a> **isValidAttributeName**

Returns true if the given attribute name is valid, or false otherwise.

_Parameters_

-   _name_ `string`: Attribute name to test.

_Returns_

-   `boolean`: Whether attribute is valid.


<!-- END TOKEN(Autogenerated API docs) -->

<br/><br/><p align="center"><img src="https://s.w.org/style/images/codeispoetry.png?1" alt="Code is Poetry." /></p>