encode_minimal

htmlescape

Function encode_minimal 

Source 
pub fn encode_minimal(s: &str) -> String
Expand description

HTML entity-encode a string.

Entity-encodes a string with a minimal set of entities:

  • " -- "
  • & -- &
  • ' -- '
  • < -- &lt;
  • > -- &gt;

§Arguments

  • s - The string to encode.

§Return value

The encoded string.

§Example

let encoded = htmlescape::encode_minimal("<em>Hej!</em>");
assert_eq!(&encoded, "&lt;em&gt;Hej!&lt;/em&gt;");

§Safety notes

Using the function to encode an untrusted string that is to be used as a HTML attribute value may lead to XSS vulnerabilities. Consider the following example:

let name = "dummy onmouseover=alert(/XSS/)";    // User input
let tag = format!("<option value={}>", htmlescape::encode_minimal(name));
// Here `tag` is    "<option value=dummy onmouseover=alert(/XSS/)>"

Use escape_attribute for escaping HTML attribute values.