Function htmlescape::encode_minimal [−][src]
pub fn encode_minimal(s: &str) -> String
HTML entity-encode a string.
Entity-encodes a string with a minimal set of entities:
" -- "& -- &' -- '< -- <> -- >
Arguments
s- The string to encode.
Return value
The encoded string.
Example
let encoded = htmlescape::encode_minimal("<em>Hej!</em>"); assert_eq!(&encoded, "<em>Hej!</em>");
Safety notes
Using the function to encode an untrusted string that is to be used as a HTML attribute value may lead to XSS vulnerabilities. Consider the following example:
let name = "dummy onmouseover=alert(/XSS/)"; // User input let tag = format!("<option value={}>", htmlescape::encode_minimal(name)); // Here `tag` is "<option value=dummy onmouseover=alert(/XSS/)>"
Use escape_attribute for escaping HTML attribute values.