htmlEntities for JavaScript

Avatar of Chris Coyier
Chris Coyier on

htmlentities() is a PHP function which converts special characters (like <) into their escaped/encoded values (like &lt;). This allows you to show to display the string without the browser reading it as HTML.

JavaScript doesn’t have a native version of it. If you just need the very basics to so that the browser won’t interpret as HTML, this should work fine (via James Padolsey and I got a a similar idea from David Walsh).

function htmlEntities(str) {
    return String(str).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');

The PHP.js project, which is a project to port over all of PHP’s native functions to JavaScript, contains an example as well. I tried it and it works, but I’ve been warned much of the code from that project is poorly written, so I’ve kept it simple and used the above.