Francis.HTML (Francis v0.3.1)

Utilities for safe HTML handling.

Provides HTML escaping to prevent Cross-Site Scripting (XSS) vulnerabilities when interpolating untrusted content into HTML responses.

Examples

iex> Francis.HTML.escape("<script>alert('xss')</script>")
"&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;"

iex> Francis.HTML.escape("Hello, World!")
"Hello, World!"

iex> Francis.HTML.escape(nil)
""

Summary

Functions

Escapes HTML special characters in a string to prevent XSS attacks.

Functions

escape(text)

@spec escape(nil | String.t()) :: String.t()

Escapes HTML special characters in a string so that untrusted text can be placed in HTML element content or in a quoted attribute value without being interpreted as markup (the usual XSS vector).

Escapes the following characters:

  • & → &amp;
  • < → &lt;
  • > → &gt;
  • " → &quot;
  • ' → &#39;

Every other byte is passed through unchanged, so the result is only safe in the two contexts above: it does not make a value safe inside an unquoted attribute, a <script> block, a URL or a CSS context, which need their own encoding.

Returns an empty string for nil input.

Examples

iex> Francis.HTML.escape("<b>bold</b>")
"&lt;b&gt;bold&lt;/b&gt;"

iex> Francis.HTML.escape("safe text")
"safe text"

iex> Francis.HTML.escape(~s(a "quoted" value))
"a &quot;quoted&quot; value"
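The following is an added example, not code from the Francis project: a hand-rolled escaper that mirrors the five-character mapping documented above (the library's own implementation may differ), used to show why the surrounding HTML context still matters. The module name `EscapeDemo`, its functions and the attacker-controlled payload are all constructed for this illustration.

```elixir
# Added example for this page; not part of Francis. EscapeDemo.escape/1 is a
# reference implementation of the documented mapping, not the library's code.
defmodule EscapeDemo do
  @doc "Escape &, <, >, \" and ' ; nil becomes the empty string."
  @spec escape(nil | String.t()) :: String.t()
  def escape(nil), do: ""
  def escape(text) when is_binary(text), do: do_escape(text, [])

  # Byte-wise walk over the binary. The five special characters are ASCII
  # and never occur inside a UTF-8 multi-byte sequence, so other bytes can
  # be copied through untouched.
  defp do_escape(<<>>, acc), do: acc |> Enum.reverse() |> IO.iodata_to_binary()
  defp do_escape(<<"&", rest::binary>>, acc), do: do_escape(rest, ["&amp;" | acc])
  defp do_escape(<<"<", rest::binary>>, acc), do: do_escape(rest, ["&lt;" | acc])
  defp do_escape(<<">", rest::binary>>, acc), do: do_escape(rest, ["&gt;" | acc])
  defp do_escape(<<"\"", rest::binary>>, acc), do: do_escape(rest, ["&quot;" | acc])
  defp do_escape(<<"'", rest::binary>>, acc), do: do_escape(rest, ["&#39;" | acc])
  defp do_escape(<<byte, rest::binary>>, acc), do: do_escape(rest, [<<byte>> | acc])

  # Constructed attacker-controlled value (hypothetical request parameter).
  @payload "x onmouseover=alert(1) y=\"<script>\""

  # Quoted attribute: " and ' are escaped, so the value cannot close the quotes.
  def quoted_attr(value), do: ~s(<input value="#{escape(value)}">)

  # Unquoted attribute: space and = are not in the mapping, so the escaped
  # value still introduces a new onmouseover attribute. Always quote.
  def unquoted_attr(value), do: ~s(<input value=#{escape(value)}>)

  # Escaping twice turns "&" into "&amp;amp;", which the browser renders as the
  # literal text "&amp;". Escape exactly once, at the point of output.
  def double_escaped(value), do: value |> escape() |> escape()

  # True when the rendered markup contains a bare onmouseover= attribute.
  def injects_attribute?(markup), do: String.contains?(markup, " onmouseover=")

  def demo do
    IO.puts(quoted_attr(@payload))
    IO.puts("quoted injects attribute?   #{injects_attribute?(quoted_attr(@payload))}")
    IO.puts(unquoted_attr(@payload))
    IO.puts("unquoted injects attribute? #{injects_attribute?(unquoted_attr(@payload))}")
    IO.puts(double_escaped("a & b"))
  end
end

EscapeDemo.demo()
```

Save as escape_demo.exs and run it with `elixir escape_demo.exs`. The quoted rendering keeps the whole payload inside the `value` attribute, while the unquoted rendering contains a bare `onmouseover=` attribute even though every byte went through the escaper, and the double-escaped string shows the `&amp;amp;` artefact that appears when a value is escaped again after it was already escaped.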