pub fn encode_minimal(s: &str) -> String
Expand description
HTML entity-encode a string.
Entity-encodes a string with a minimal set of entities:
" -- "
& -- &
' -- '
< -- <
> -- >
§Arguments
s
- The string to encode.
§Return value
The encoded string.
§Example
let encoded = htmlescape::encode_minimal("<em>Hej!</em>");
assert_eq!(&encoded, "<em>Hej!</em>");
§Safety notes
Using the function to encode an untrusted string that is to be used as a HTML attribute value may lead to XSS vulnerabilities. Consider the following example:
let name = "dummy onmouseover=alert(/XSS/)"; // User input
let tag = format!("<option value={}>", htmlescape::encode_minimal(name));
// Here `tag` is "<option value=dummy onmouseover=alert(/XSS/)>"
Use escape_attribute
for escaping HTML attribute values.