Function htmlescape::encode_minimal

pub fn encode_minimal(s: &str) -> String

HTML entity-encode a string.

Entity-encodes a string with a minimal set of entities:

  • " -- &quot;
  • & -- &amp;
  • ' -- &#x27;
  • < -- &lt;
  • > -- &gt;

Arguments

  • s - The string to encode.

Return value

The encoded string.

Example

let encoded = htmlescape::encode_minimal("<em>Hej!</em>");
assert_eq!(&encoded, "&lt;em&gt;Hej!&lt;/em&gt;");

Safety notes

Using the function to encode an untrusted string that is to be used as an HTML attribute value may lead to XSS vulnerabilities, because characters outside the minimal set, such as spaces and `=`, pass through unchanged. Consider the following example:

let name = "dummy onmouseover=alert(/XSS/)";    // User input
let tag = format!("<option value={}>", htmlescape::encode_minimal(name));
// Here `tag` is    "<option value=dummy onmouseover=alert(/XSS/)>"

Use escape_attribute for escaping HTML attribute values.
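
The safety note above as a runnable check. This is an added example, not code from the htmlescape crate: `minimal` is a stand-in rebuilt from the five entities listed on this page, while `attr_strict` and `attr_names` are hypothetical helpers (a strict attribute encoder and a simplified start-tag tokenizer) used to list the attributes a browser would see.

```rust
// Stand-in for htmlescape::encode_minimal, rebuilt from the five entities
// listed on this page so the example runs without the crate.
fn minimal(s: &str) -> String {
    s.chars().map(|c| match c {
        '"' => "&quot;".to_string(),
        '&' => "&amp;".to_string(),
        '\'' => "&#x27;".to_string(),
        '<' => "&lt;".to_string(),
        '>' => "&gt;".to_string(),
        _ => c.to_string(),
    }).collect()
}

// Hypothetical strict encoder (not the crate's code): every character that is
// not ASCII alphanumeric becomes a hex character reference.
fn attr_strict(s: &str) -> String {
    s.chars().map(|c| if c.is_ascii_alphanumeric() { c.to_string() }
                      else { format!("&#x{:X};", c as u32) }).collect()
}

// Simplified start-tag tokenizer: the attribute names a browser would see.
fn attr_names(tag: &str) -> Vec<String> {
    let body = tag.trim_start_matches('<').trim_end_matches('>');
    let mut it = body.chars().peekable();
    while it.next_if(|c| !c.is_whitespace()).is_some() {} // skip the tag name
    let mut names = Vec::new();
    loop {
        while it.next_if(|c| c.is_whitespace()).is_some() {}
        let mut name = String::new();
        while let Some(c) = it.next_if(|c| *c != '=' && !c.is_whitespace()) { name.push(c); }
        if name.is_empty() { break; }
        names.push(name);
        if it.next_if_eq(&'=').is_none() { continue; } // attribute without a value
        match it.next_if(|c| *c == '"' || *c == '\'') {
            Some(q) => { for c in it.by_ref() { if c == q { break; } } } // quoted value
            None => while it.next_if(|c| !c.is_whitespace()).is_some() {}, // unquoted value
        }
    }
    names
}

fn main() {
    let name = "dummy onmouseover=alert(/XSS/)"; // the page's untrusted input
    println!("{:?}", attr_names(&format!("<option value={}>", minimal(name))));
    println!("{:?}", attr_names(&format!("<option value=\"{}\">", minimal(name))));
    println!("{:?}", attr_names(&format!("<option value={}>", attr_strict(name))));
}
```

Only the first tag, minimal encoding in an unquoted attribute, yields a second attribute; quoting the attribute or encoding every non-alphanumeric character keeps the input inside `value`.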