Stared into Node's abyss. It stares back. Terror overwhelms me: NPM: "137,720 downloads in the last day"https://github.com/component/escape-html/blob/master/index.js …
-
-
Replying to @slightlylate
what did you expect? - require jsdom - assign textContent - read back innerHTML ? :)
1 reply 0 retweets 1 like -
Replying to @cramforce
: kinda yes? I mean,
@mathias is waaaaaaaaay ahead here, and it still isn't that:https://www.npmjs.com/package/he2 replies 0 retweets 5 likes -
Replying to @slightlylate
I think the canonical solution is the html escaper in caja (usable without the more esoteric parts). Must be available on npm.
1 reply 0 retweets 2 likes -
Replying to @cramforce
: I was actually expecting there to be something Gumbo-based at this point w/ template string helpers. Too much to ask?
2 replies 0 retweets 0 likes -
Replying to @slightlylate
: OH HAI gumbo-sanitize: https://www.npmjs.com/package/gumbo-sanitize …
1 reply 0 retweets 0 likes -
Replying to @slightlylate
the challenge of html escaping isn't the escape part, but when to escape in a large app. Only solution is runtime type system
1 reply 0 retweets 1 like
: doing at good job at the escaping bit is the table stakes, tho.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.