htmlEscape top-level constant
String converter that converts characters to HTML entities.
This is intended to sanitize text before inserting the text into an HTML
document. Characters that are meaningful in HTML are converted to
HTML entities (like
If the context where the text will be inserted is known in more detail, it's possible to omit escaping some characters (like quotes when not inside an attribute value).
The escaped text should only be used inside quoted HTML attributes values or as text content of a normal element. Using the escaped text inside a tag, but not inside a quoted attribute value, is still dangerous.
const HtmlEscape htmlEscape = HtmlEscape();