Provided by: node-he_1.1.1-1_all bug


     he — encode/decode HTML entities just like a browser would


     he [--escape string]
        [--encode string]
        [--encode --use-named-refs --everything --allow-unsafe string]
        [--decode string]
        [--decode --attribute string]
        [--decode --strict string]
        [-v | --version]
        [-h | --help]


     he encodes/decodes HTML entities in strings just like a browser would.


      Take a string of text and escape it for use in text contexts in XML or HTML documents. Only
      the following characters are escaped: `&`, `<`, `>`, `"`, and `'`.

      Take a string of text and encode any symbols that aren't printable ASCII symbols and that
      can be replaced with character references. For example, it would turn `©` into `&#xA9;`,
      but it wouldn't turn `+` into `&#x2B;` since there is no point in doing so. Additionally,
      it replaces any remaining non-ASCII symbols with a hexadecimal escape sequence (e.g.
      `&#x1D306;`). The return value of this function is always valid HTML.

      --encode --use-named-refs
      Enable the use of named character references (like `&copy;`) in the output. If
      compatibility with older browsers is a concern, don't use this option.

      --encode --everything
      Encode every symbol in the input string, even safe printable ASCII symbols.

      --encode --allow-unsafe
      Encode non-ASCII characters only. This leaves unsafe HTML/XML symbols like `&`, `<`, `>`,
      `"`, and `'` intact.

      --encode --decimal
      Use decimal digits rather than hexadecimal digits for encoded character references, e.g.
      output `&#169;` instead of `&#xA9;`.

      Takes a string of HTML and decode any named and numerical character references in it using
      the algorithm described in the HTML spec.

      --decode --attribute
      Parse the input as if it was an HTML attribute value rather than a string in an HTML text

      --decode --strict
      Throw an error if an invalid character reference is encountered.

      -v, --version
      Print he's version.

      -h, --help
      Show the help screen.


     The he utility exits with one of the following values:

     0     he did what it was instructed to do successfully; either it encoded/decoded the input
           and printed the result, or it printed the version or usage message.
     1     he encountered an error.


     he --escape '<script>alert(1)</script>'
     Print an escaped version of the given string that is safe for use in HTML text contexts,
     escaping only `&`, `<`, `>`, `"`, and `'`.

     he --decode '&copy;&#x1D306;'
     Print the decoded version of the given HTML string.

     echo '&copy;&#x1D306;' | he --decode
     Print the decoded version of the HTML string that gets piped in.


     he's bug tracker is located at <>.


     Mathias Bynens <>



                                          April 5, 2016