HtmlEncode
string-functions HtmlEncode
The HtmlEncode function encodes strings for safe use in HTML content by escaping special characters.
syntax
HtmlEncode(strings: E->String) -> E->String
definition
Converts strings to HTML-safe format by replacing special characters with HTML entity references:
| Character | Entity |
|---|---|
< | < |
> | > |
& | & |
" | " |
' | ' |
This prevents:
- Cross-site scripting (XSS) vulnerabilities
- Broken HTML structure from user content
- Display issues with special characters
arguments
| argument | description | type |
|---|---|---|
| strings | Input strings to encode | E->String |
performance
Time complexity: O(n × L) where n is the number of strings and L is the average string length.
Encoded strings are typically slightly longer than input strings.
example
unit<uint32> UserContent: nrofrows = 3;
attribute<String> raw_text (UserContent) := union_data(UserContent,
'Hello <world>',
'A & B',
'Quote: "test"'
);
attribute<String> safe_html (UserContent) := HtmlEncode(raw_text);
// safe_html = {'Hello <world>', 'A & B', 'Quote: "test"'}
// Safe to include in HTML output
parameter<String> html_template := '<div class="content">' + safe_html[0] + '</div>';
use cases
- Generating HTML reports with user-provided data
- Creating safe HTML exports
- Preventing script injection in web output
see also
- htmldecode - reverse operation
- urlencode - for URL parameters
- string-functions
since version
7.0