Componentpedia / Listings / html-escape

Last update: 02/04/2026

html-escape

This library is for encoding/escaping special characters in HTML and decoding/unescaping HTML entities as well.

Latest version: 0.2.13 registry icon
Maintenance score
0
Safety score
0
Popularity score
71
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
De-risk your app now
Security
  Vulnerabilities
Version Suggest Low Medium High Critical
0.2.13 0 0 0 0 0
0.2.12 0 0 0 0 0
0.2.11 0 0 0 0 0
0.2.10 0 0 0 0 0
0.2.9 0 0 0 0 0
0.2.8 0 0 0 0 0
0.2.7 0 0 0 0 0
0.2.6 0 0 0 0 0
0.2.5 0 0 0 0 0
0.2.4 0 0 0 0 0
0.2.3 0 0 0 0 0
0.2.2 0 0 0 0 0
0.2.1 0 0 0 0 0
0.2.0 0 0 0 0 0
0.1.0 0 0 0 0 0

Stability
Latest release:

0.2.13 - This version may not be safe as it has not been updated for a long time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MIT   -   MIT License

Not a wildcard

Not proprietary

OSI Compliant

HTML Escape

CI

This library is for encoding/escaping special characters in HTML and decoding/unescaping HTML entities as well.

Usage

Encoding

This crate provides some encode_* functions to encode HTML text in different situations.

For example, to put a text between a start tag <foo> and an end tag </foo>, use the encode_text function to escape every &, <, and > in the text.

assert_eq!("a &gt; b &amp;&amp; a &lt; c", html_escape::encode_text("a > b && a < c"));

The functions suffixed with _to_writer, _to_vec or _to_string are useful to generate HTML.

let mut html = String::from("<input value=");
assert_eq!("Hello&#x20;world&#x21;", html_escape::encode_unquoted_attribute_to_string("Hello world!", &mut html));
html.push_str(" placeholder=\"");
assert_eq!("The default value is &quot;Hello world!&quot;.", html_escape::encode_double_quoted_attribute_to_string("The default value is \"Hello world!\".", &mut html));
html.push_str("\"/><script>alert('");
assert_eq!(r"<script>\'s end tag is <\/script>", html_escape::encode_script_single_quoted_text_to_string("<script>'s end tag is </script>", &mut html));
html.push_str("');</script>");

assert_eq!("<input value=Hello&#x20;world&#x21; placeholder=\"The default value is &quot;Hello world!&quot;.\"/><script>alert(\'<script>\\\'s end tag is <\\/script>\');</script>", html);

Decoding

assert_eq!("Hello world!", html_escape::decode_html_entities("Hello&#x20;world&#x21;"));
assert_eq!("alert('<script></script>);'", html_escape::decode_script(r"alert('<script><\/script>);'"));

No Std

Disable the default features to compile this crate without std.

[dependencies.html-escape]
version = "*"
default-features = false

Benchmark

cargo bench

Crates.io

https://crates.io/crates/html-escape

Documentation

https://docs.rs/html-escape

License

MIT