This library allows to escape html string and unescape named and numeric character references (e.g. >, >, &x3e;) to the corresponding unicode characters
escape : String -> String
Escapes a string converting characters that could be used to inject XSS vectors (http://wonko.com/post/html-escaping). At the moment we escape &, <, >, ", ', `, , !, @, $, %, (, ), =, +, {, }, [ and ]
for example
escape "&<>\"" == "&<>""
unescape : String -> String
Unescapes a string, converting all named and numeric character references (e.g. >, >, &x3e;) to their corresponding unicode characters.
for example
unescape ""&<>" == "\"&<>"