This page is part of the Prototype JavaScript framework documentation.

String.prototype.escapeHTML takes a string, encodes it with HTML entities, and returns the encoded copy. That is, it returns a copy of the string with special/unsafe characters ('<', '>', '&', etc.) replaced by their HTML entity representation ('&lt;', '&gt;', '&amp;', etc.).

Syntax


  string.escapeHTML();

Returns

A copy of string with special/unsafe characters replaced/encoded with their HTML entity representation.

Example


  <script type="text/javascript">
    var stringHTML = '<p>foo &amp; bar</p>';
    var stringEscapedHTML = stringHTML.escapeHTML();
      // stringEscapedHTML = '&lt;p&gt;foo &amp;amp; bar&lt;/p&gt;';

    stringEscapedHTML = '<p>foo &amp; bar</p>'.escapeHTML();
      // stringEscapedHTML = '&lt;p&gt;foo &amp;amp; bar&lt;/p&gt;';
  </script>

stringEscapedHTML is equal to '&lt;p&gt;foo &amp;amp; bar&lt;/p&gt;'.

stringHTML remains equal to '<p>foo &amp; bar</p>'.

Notes

String.prototype.escapeHTML uses the proprietary (not official DOM) but widely supported innerHTML property to convert special characters to their HTML entity representation, not JavaScript's escape() or replace() functions as often seen in some other solutions.

It is unclear whether String.prototype.escapeHTML encodes any special characters other than '<', '>', and '&'.
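
Which characters an escaper encodes decides where its output can safely be placed: text content needs only '<', '>' and '&', while a quoted attribute value also needs the quote characters. The following is an added example, not code from Prototype or from this page. `textOnlyEscape` is a stand-in that assumes only the three characters named above are encoded, and `attributeEscape`, `passedThrough`, `renderTitle` and `countAttributes` are hypothetical helper names.

```javascript
// Added example, not Prototype's source.
// Stand-in that encodes only the three characters the page names (assumption).
function textOnlyEscape(s) {
  return String(s)
    .replace(/&/g, '&amp;')   // must run first so later entities are not re-encoded
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hypothetical attribute-safe variant: additionally encodes both quote characters.
function attributeEscape(s) {
  return textOnlyEscape(s).replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// Probe: which HTML-significant characters does an escaper leave unchanged?
function passedThrough(escapeFn) {
  return ['&', '<', '>', '"', "'"].filter(function (ch) {
    return escapeFn(ch) === ch;
  });
}

// Place an escaped value inside a double-quoted attribute, as a template would.
function renderTitle(escapeFn, value) {
  return '<span title="' + escapeFn(value) + '">x</span>';
}

// Count name="value" attributes in the opening tag of the rendered markup.
function countAttributes(html) {
  var openTag = html.slice(0, html.indexOf('>') + 1);
  return (openTag.match(/\s[\w-]+="[^"]*"/g) || []).length;
}

var sample = 'note" data-extra="1'; // constructed input containing a double quote

console.log(passedThrough(textOnlyEscape));
console.log(renderTitle(textOnlyEscape, sample));
console.log(countAttributes(renderTitle(textOnlyEscape, sample)));
console.log(countAttributes(renderTitle(attributeEscape, sample)));
```

In a browser with Prototype loaded, passing `function (s) { return s.escapeHTML(); }` to `passedThrough` reports which of these characters the real method leaves unencoded.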