| 1 | /*! |
| 2 | # HTML Escape |
|---|
| 3 | |
|---|
| 4 | This library is for encoding/escaping special characters in HTML and decoding/unescaping HTML entities as well. |
|---|
| 5 | |
|---|
| 6 | ## Usage |
|---|
| 7 | |
|---|
| 8 | ### Encoding |
|---|
| 9 | |
|---|
| 10 | This crate provides some `encode_*` functions to encode HTML text in different situations. |
|---|
| 11 | |
|---|
| 12 | For example, to put a text between a start tag `<foo>` and an end tag `</foo>`, use the `encode_text` function to escape every `&`, `<`, and `>` in the text. |
|---|
| 13 | |
|---|
| 14 | ```rust |
|---|
| 15 | assert_eq!("a > b && a < c" , html_escape::encode_text("a > b && a < c" )); |
|---|
| 16 | ``` |
|---|
| 17 | |
|---|
| 18 | The functions suffixed with `_to_writer`, `_to_vec` or `_to_string` are useful to generate HTML. |
|---|
| 19 | |
|---|
| 20 | ```rust |
|---|
| 21 | let mut html = String::from("<input value=" ); |
|---|
| 22 | assert_eq!("Hello world!" , html_escape::encode_unquoted_attribute_to_string("Hello world!" , &mut html)); |
|---|
| 23 | html.push_str(" placeholder= \"" ); |
|---|
| 24 | assert_eq!("The default value is "Hello world!"." , html_escape::encode_double_quoted_attribute_to_string("The default value is \"Hello world! \"." , &mut html)); |
|---|
| 25 | html.push_str(" \"/><script>alert('" ); |
|---|
| 26 | assert_eq!(r"<script>\'s end tag is <\/script>" , html_escape::encode_script_single_quoted_text_to_string("<script>'s end tag is </script>" , &mut html)); |
|---|
| 27 | html.push_str("');</script>" ); |
|---|
| 28 | |
|---|
| 29 | assert_eq!("<input value=Hello world! placeholder= \"The default value is "Hello world!". \"/><script>alert( \'<script> \\\'s end tag is < \\/script> \');</script>" , html); |
|---|
| 30 | ``` |
|---|
| 31 | |
|---|
| 32 | ### Decoding |
|---|
| 33 | |
|---|
| 34 | ```rust |
|---|
| 35 | assert_eq!("Hello world!" , html_escape::decode_html_entities("Hello world!" )); |
|---|
| 36 | ``` |
|---|
| 37 | |
|---|
| 38 | ```rust |
|---|
| 39 | assert_eq!("alert('<script></script>');" , html_escape::decode_script(r"alert('<script><\/script>');" )); |
|---|
| 40 | ``` |
|---|
| 41 | |
|---|
| 42 | ## No Std |
|---|
| 43 | |
|---|
| 44 | Disable the default features to compile this crate without std. |
|---|
| 45 | |
|---|
| 46 | ```toml |
|---|
| 47 | [dependencies.html-escape] |
|---|
| 48 | version = "*" |
|---|
| 49 | default-features = false |
|---|
| 50 | ``` |
|---|
| 51 | |
|---|
| 52 | ## Benchmark |
|---|
| 53 | |
|---|
| 54 | ```bash |
|---|
| 55 | cargo bench |
|---|
| 56 | ``` |
|---|
| 57 | */ |
|---|
| 58 | |
|---|
| 59 | #![cfg_attr (not(feature = "std" ), no_std)] |
|---|
| 60 | |
|---|
| 61 | extern crate alloc; |
|---|
| 62 | |
|---|
| 63 | mod decode; |
|---|
| 64 | mod encode; |
|---|
| 65 | mod functions; |
|---|
| 66 | |
|---|
| 67 | pub use decode::*; |
|---|
| 68 | pub use encode::*; |
|---|
| 69 | |
|---|
