import { html } from "https://esm.town/v/postpostscript/html"
const unsafeInput = "<script>alert(1)</script>"
console.log(html`Value: ${unsafeInput}`)
// Value: <script>alert(1)</script>
These can be combined -- HTML marked as safe (instance is RawHTML) will be directly inserted:
const scripts = html`<script>alert(1)</script>`
console.log(html`<head>
${scripts}
</head>`.toString())
// <head>
// <script>alert(1)</script>
// </head>
To easily create HTTP Response outputs like @stevekrouse/html, use the htmlResponse utility:
import { html, htmlResponse } from "https://esm.town/v/postpostscript/html";
export default function(req: Request) {
return htmlResponse`
Request URL: ${decodeURIComponent(req.url)}
`;
}
Tests: @postpostscript/htmlTest
Migrated from folder: HTML/html