he(1)

.br .br .br .br .br .br .br encodes/decodes HTML entities in strings just like a browser would.

Section 1 node-he bookworm source

Description

NAME

he — encode/decode HTML entities just like a browser would

SYNOPSIS

he [--escape string]
[--encode string]
[--encode --use-named-refs --everything --allow-unsafe string]
[--decode string]
[--decode --attribute string]
[--decode --strict string]
[-v --version]
[-h --help]

DESCRIPTION

he encodes/decodes HTML entities in strings just like a browser would.

OPTIONS
--escape

Take a string of text and escape it for use in text contexts in XML or HTML documents. Only the following characters are escaped: ‘&‘, ‘<‘, ‘>‘, ‘"‘, and ‘’‘.

--encode

Take a string of text and encode any symbols that aren’t printable ASCII symbols and that can be replaced with character references. For example, it would turn ‘©‘ into ‘&#xA9;‘, but it wouldn’t turn ‘+‘ into ‘&#x2B;‘ since there is no point in doing so. Additionally, it replaces any remaining non-ASCII symbols with a hexadecimal escape sequence (e.g. ‘&#x1D306;‘). The return value of this function is always valid HTML.

--encode --use-named-refs

Enable the use of named character references (like ‘&copy;‘) in the output. If compatibility with older browsers is a concern, don’t use this option.

--encode --everything

Encode every symbol in the input string, even safe printable ASCII symbols.

--encode --allow-unsafe

Encode non-ASCII characters only. This leaves unsafe HTML/XML symbols like ‘&‘, ‘<‘, ‘>‘, ‘"‘, and ‘’‘ intact.

--encode --decimal

Use decimal digits rather than hexadecimal digits for encoded character references, e.g. output ‘&#169;‘ instead of ‘&#xA9;‘.

--decode

Takes a string of HTML and decode any named and numerical character references in it using the algorithm described in the HTML spec.

--decode --attribute

Parse the input as if it was an HTML attribute value rather than a string in an HTML text content.

--decode --strict

Throw an error if an invalid character reference is encountered.

-v, --version

Print he’s version.

-h, --help

Show the help screen.

EXIT STATUS

The he utility exits with one of the following values:

0

he did what it was instructed to do successfully; either it encoded/decoded the input and printed the result, or it printed the version or usage message.

1

he encountered an error.

EXAMPLES
he --escape ’<script>alert(1)</script>’

Print an escaped version of the given string that is safe for use in HTML text contexts, escaping only ‘&‘, ‘<‘, ‘>‘, ‘"‘, and ‘’‘.

he --decode ’&copy;&#x1D306;’

Print the decoded version of the given HTML string.

echo ’&copy;&#x1D306;’ | he --decode

Print the decoded version of the HTML string that gets piped in.

BUGS

he’s bug tracker is located at <https://github.com/mathiasbynens/he/issues>.

AUTHOR

Mathias Bynens <https://mathiasbynens.be/>

WWW

<https://mths.be/he> April 5, 2016 he(1)