Available on crate feature `output-html` only.
HTML5 export backend (E012 US2 — FR-005, FR-014, AD-004, HINT-004).
## Safe-to-embed guarantee

Output produced by `write_html` is safe to embed verbatim inside an
HTML5 document. The hand-rolled 4-char escape table (per AD-004)
covers every metacharacter that can break out of either a text-content
position or a double-quoted attribute position:

| Byte | Escape | Position(s) protected |
|---|---|---|
| `<` | `&lt;` | text + attribute |
| `>` | `&gt;` | text + attribute |
| `&` | `&amp;` | text + attribute |
| `"` | `&quot;` | attribute (double-quoted) only |
## Double-quoted-attribute constraint (HINT-004)

Every attribute value emitted by this backend uses `"..."` quoting.
Single quotes (`'`) are NOT escaped because they are not metacharacters
inside `"..."` quoting. The SVG and HTML backends both consume this
same 4-char table; any future backend that emits single-quoted
attributes MUST add `'` to the escape set (per AD-004).
## XSS posture

Library callers can pass arbitrary user-controlled strings into a
`crate::filter::RenderGrid` via `crate::filter::Cell::ch`; the
escape table protects against:

- `<script>` payload injection (`<` is escaped, so the payload becomes `&lt;script&gt;`).
- Attribute injection (`"` is escaped, so `"><img onerror=x"` becomes
  `&quot;&gt;&lt;img onerror=x&quot;` and cannot close a surrounding attribute).
- Double-encoding (`&` is escaped to `&amp;`, so collisions with
  pre-existing entities are explicit rather than silent).

The fuzz harness `fuzz/fuzz_targets/html_escape.rs` (T050) enforces the
property:

> output contains no unescaped `<`, `>` or `"` AND `len(output) <= 6 * len(input)`.
## Pre-sized writer (FR-027)

`write_html` allocates `String::with_capacity(w * h * 32)` up front
to amortize realloc cost. The factor 32 covers `<span style="color:#RRGGBB">X</span>`
plus newlines and escape expansion in the typical case.
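The following is an added example, not the crate's own code, that ties the three sections above together: the 4-char escape table, the fuzz property (no raw `<`, `>`, `"` survives and output is at most 6x input, since `&quot;` is the longest replacement), and a `write_html`-style writer that pre-sizes its buffer at `w * h * 32`. The `Cell` struct, its `color` field and the grid being a `Vec<Vec<Cell>>` are assumptions standing in for `crate::filter::RenderGrid` and `crate::filter::Cell`; the entity strings are the standard HTML named entities the table lists.

```rust
// Added illustration of the HTML backend's escaping and pre-sizing rules.
// `Cell`, the grid shape and the color field are assumptions for this example.
use std::fmt::Write as _;

/// Escape the four metacharacters that can break out of text content or a
/// double-quoted attribute. Single quotes are deliberately left alone because
/// every attribute this writer emits uses "..." quoting (HINT-004).
pub fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '&' => out.push_str("&amp;"),
            '"' => out.push_str("&quot;"),
            other => out.push(other),
        }
    }
    out
}

/// The property the fuzz harness checks: no raw `<`, `>` or `"` survives and
/// the output grows by at most 6x (`&quot;` is the longest replacement).
pub fn escape_property_holds(input: &str) -> bool {
    let out = escape_html(input);
    let has_raw = out.contains(|c: char| c == '<' || c == '>' || c == '"');
    !has_raw && out.len() <= 6 * input.len()
}

/// Constructed stand-in for the crate's cell type (assumption).
#[derive(Clone, Debug)]
pub struct Cell {
    /// Arbitrary, possibly user-controlled text for this cell.
    pub ch: String,
    /// Optional RGB foreground color; `None` emits bare text.
    pub color: Option<[u8; 3]>,
}

/// Encode a grid of cells as an HTML5 fragment, one line per row, pre-sizing
/// the buffer at `w * h * 32` bytes as FR-027 describes.
pub fn write_html(grid: &[Vec<Cell>]) -> String {
    let h = grid.len();
    let w = grid.first().map_or(0, |row| row.len());
    let mut out = String::with_capacity(w * h * 32);
    for row in grid {
        for cell in row {
            let text = escape_html(&cell.ch);
            match cell.color {
                Some([r, g, b]) => {
                    // Writing into a String cannot fail, so unwrap is sound here.
                    // The attribute is double-quoted, which is why `"` must be escaped.
                    write!(out, "<span style=\"color:#{r:02X}{g:02X}{b:02X}\">{text}</span>")
                        .unwrap();
                }
                None => out.push_str(&text),
            }
        }
        out.push('\n');
    }
    out
}

fn main() {
    // Constructed sample grid containing a hostile cell value.
    let grid = vec![vec![
        Cell { ch: "\"><img onerror=x\"".into(), color: Some([255, 0, 0]) },
        Cell { ch: "ok".into(), color: None },
    ]];
    let html = write_html(&grid);
    println!("{html}");
    println!("property holds: {}", escape_property_holds("<>&\"'"));
}
```

The hostile cell value above lands inside the `style="..."` attribute context only as `&quot;&gt;&lt;img onerror=x&quot;`, so it can neither close the attribute nor open a new tag; running the block prints the fragment and confirms the fuzz property on a string containing every escaped byte plus an unescaped single quote.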
## Functions

- `write_html`: Encode `grid` as an HTML5 fragment.