Provided by: node-he_1.1.1-1_all
he — encode/decode HTML entities just like a browser would
he [--escape string] [--encode string] [--encode --use-named-refs --everything --allow-unsafe string] [--decode string] [--decode --attribute string] [--decode --strict string] [-v | --version] [-h | --help]
he encodes/decodes HTML entities in strings just like a browser would.
--escape Take a string of text and escape it for use in text contexts in XML or HTML documents. Only the following characters are escaped: `&`, `<`, `>`, `"`, and `'`. --encode Take a string of text and encode any symbols that aren't printable ASCII symbols and that can be replaced with character references. For example, it would turn `©` into `©`, but it wouldn't turn `+` into `+` since there is no point in doing so. Additionally, it replaces any remaining non-ASCII symbols with a hexadecimal escape sequence (e.g. `𝌆`). The return value of this function is always valid HTML. --encode --use-named-refs Enable the use of named character references (like `©`) in the output. If compatibility with older browsers is a concern, don't use this option. --encode --everything Encode every symbol in the input string, even safe printable ASCII symbols. --encode --allow-unsafe Encode non-ASCII characters only. This leaves unsafe HTML/XML symbols like `&`, `<`, `>`, `"`, and `'` intact. --encode --decimal Use decimal digits rather than hexadecimal digits for encoded character references, e.g. output `©` instead of `©`. --decode Takes a string of HTML and decode any named and numerical character references in it using the algorithm described in the HTML spec. --decode --attribute Parse the input as if it was an HTML attribute value rather than a string in an HTML text content. --decode --strict Throw an error if an invalid character reference is encountered. -v, --version Print he's version. -h, --help Show the help screen.
The he utility exits with one of the following values: 0 he did what it was instructed to do successfully; either it encoded/decoded the input and printed the result, or it printed the version or usage message. 1 he encountered an error.
he --escape '<script>alert(1)</script>' Print an escaped version of the given string that is safe for use in HTML text contexts, escaping only `&`, `<`, `>`, `"`, and `'`. he --decode '©𝌆' Print the decoded version of the given HTML string. echo '©𝌆' | he --decode Print the decoded version of the HTML string that gets piped in.
he's bug tracker is located at <https://github.com/mathiasbynens/he/issues>.
Mathias Bynens <https://mathiasbynens.be/>
<https://mths.be/he> April 5, 2016