{ "url": "https://unifast.dev/zh-CN/docs/packages/core/escape-html/", "locale": "zh-CN", "title": "escapeHtml()", "description": "转义字符串中的 HTML 特殊字符。", "section": "packages", "body": "```ts\nimport { escapeHtml } from \"@unifast/core\";\n```\n\n## 签名\n\n```ts\nfunction escapeHtml(str: string): string\n```\n\n## 参数\n\n### str\n\n| 属性 | 类型 | 默认值 | 描述 |\n|----------|------|---------|-------------|\n| `str` | `string` | — | 包含需要转义字符的字符串 |\n\n## 返回值\n\n`string` —— 将 `&`、`<`、`>` 和 `\"` 替换为相应 HTML 实体后的字符串。\n\n## 用法\n\n```ts\nimport { escapeHtml } from \"@unifast/core\";\n\nconst safe = escapeHtml('');\n\nconsole.log(safe);\n// <script>alert("xss")</script>\n```\n\n## 示例\n\n### 基础转义\n\n```ts\nimport { escapeHtml } from \"@unifast/core\";\n\nconsole.log(escapeHtml(\"Tom & Jerry\"));\n// Tom & Jerry\n\nconsole.log(escapeHtml('class=\"main\"'));\n// class="main"\n\nconsole.log(escapeHtml(\"1 < 2 > 0\"));\n// 1 < 2 > 0\n```\n\n### 转义用户生成的内容\n\n```ts\nimport { escapeHtml } from \"@unifast/core\";\n\nconst userComment = '';\nconst html = `
${escapeHtml(userComment)}
`;\n\nconsole.log(html);\n//
<img src=x onerror="alert(1)">
\n```\n\n### 构建安全的 HTML 属性\n\n```ts\nimport { escapeHtml } from \"@unifast/core\";\n\nconst title = 'He said \"hello\" & waved';\nconst html = `Hover me`;\n\nconsole.log(html);\n// Hover me\n```\n\n## 行为说明\n\n- **`&`** 会被替换为 `&`\n- **`<`** 会被替换为 `<`\n- **`>`** 会被替换为 `>`\n- **`\"`** 会被替换为 `"`\n- 其他字符保持不变", "alternates": [ { "locale": "en", "url": "https://unifast.dev/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/docs/packages/core/escape-html.json" }, { "locale": "ja", "url": "https://unifast.dev/ja/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/ja/docs/packages/core/escape-html.json" }, { "locale": "zh-CN", "url": "https://unifast.dev/zh-CN/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/zh-CN/docs/packages/core/escape-html.json" }, { "locale": "zh-TW", "url": "https://unifast.dev/zh-TW/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/zh-TW/docs/packages/core/escape-html.json" }, { "locale": "ko", "url": "https://unifast.dev/ko/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/ko/docs/packages/core/escape-html.json" }, { "locale": "fr", "url": "https://unifast.dev/fr/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/fr/docs/packages/core/escape-html.json" }, { "locale": "it", "url": "https://unifast.dev/it/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/it/docs/packages/core/escape-html.json" }, { "locale": "es", "url": "https://unifast.dev/es/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/es/docs/packages/core/escape-html.json" }, { "locale": "pt-BR", "url": "https://unifast.dev/pt-BR/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/pt-BR/docs/packages/core/escape-html.json" }, { "locale": "de", "url": "https://unifast.dev/de/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/de/docs/packages/core/escape-html.json" }, { "locale": "ru", "url": "https://unifast.dev/ru/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/ru/docs/packages/core/escape-html.json" }, { "locale": "hi", "url": "https://unifast.dev/hi/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/hi/docs/packages/core/escape-html.json" }, { "locale": "id", "url": "https://unifast.dev/id/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/id/docs/packages/core/escape-html.json" }, { "locale": "tr", "url": "https://unifast.dev/tr/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/tr/docs/packages/core/escape-html.json" }, { "locale": "vi", "url": "https://unifast.dev/vi/docs/packages/core/escape-html/", "api": "https://unifast.dev//api/vi/docs/packages/core/escape-html.json" } ] }