logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

he — encode/decode HTML entities just like a browser would

Author

       Mathias Bynens <https://mathiasbynens.be/>

Bugs

       he's bug tracker is located at <https://github.com/mathiasbynens/he/issues>.

Description

he encodes/decodes HTML entities in strings just like a browser would.

Examples

he--escape'<script>alert(1)</script>'
       Print  an  escaped  version of the given string that is safe for use in HTML text contexts, escaping only
       `&`, `<`, `>`, `"`, and `'`.

       he--decode'&copy;&#x1D306;'
       Print the decoded version of the given HTML string.

       echo'&copy;&#x1D306;'|he--decode
       Print the decoded version of the HTML string that gets piped in.

Exit Status

       The he utility exits with one of the following values:

       0he did what it was instructed to do successfully; either it encoded/decoded the input  and  printed
             the result, or it printed the version or usage message.
       1he encountered an error.

Name

       he — encode/decode HTML entities just like a browser would

Options

--escape
       Take a string of text and escape it for use in text contexts in XML or HTML documents. Only the following
       characters are escaped: `&`, `<`, `>`, `"`, and `'`.

       --encode
       Take a string of text and encode any symbols that aren't printable ASCII symbols and that can be replaced
       with  character  references.  For example, it would turn `©` into `&#xA9;`, but it wouldn't turn `+` into
       `&#x2B;` since there is no point in doing so. Additionally, it replaces any remaining  non-ASCII  symbols
       with  a hexadecimal escape sequence (e.g. `&#x1D306;`). The return value of this function is always valid
       HTML.

       --encode--use-named-refs
       Enable the use of named character references (like `&copy;`) in the output. If compatibility  with  older
       browsers is a concern, don't use this option.

       --encode--everything
       Encode every symbol in the input string, even safe printable ASCII symbols.

       --encode--allow-unsafe
       Encode  non-ASCII  characters  only. This leaves unsafe HTML/XML symbols like `&`, `<`, `>`, `"`, and `'`
       intact.

       --encode--decimal
       Use decimal digits rather than hexadecimal digits for encoded character references, e.g. output  `&#169;`
       instead of `&#xA9;`.

       --decode
       Takes  a string of HTML and decode any named and numerical character references in it using the algorithm
       described in the HTML spec.

       --decode--attribute
       Parse the input as if it was an HTML attribute value rather than a string in an HTML text content.

       --decode--strict
       Throw an error if an invalid character reference is encountered.

       -v,--version
       Print he's version.

       -h,--help
       Show the help screen.

Synopsis

he [--escapestring]
          [--encodestring]
          [--encode--use-named-refs--everything--allow-unsafestring]
          [--decodestring]
          [--decode--attributestring]
          [--decode--strictstring]
          [-v | --version]
          [-h | --help]

Www

       <https://mths.be/he>

                                                  April 5, 2016                                            he(1)

See Also