ilusm.dev

web

HTML escape and markup utilities - escape the five special HTML characters (&, <, >, ", ') for safe text insertion; replace newlines with <br> tags; build a tag-wrapped element with or without attributes; join an attribute object into an HTML attribute string.

Load with: use web

What this module does

web is a pure-ilusm markup utility. Its most important function is webes (or web.esc), which escapes the five HTML-special characters to prevent XSS when inserting user-controlled text into HTML output. The element builders produce simple opening-tag + content + closing-tag strings - no DOM, no virtual DOM.

Quick example

use web

# Escape for safe HTML insertion
safe = webes('Hello <World> "test"')
# "Hello &lt;World&gt; &quot;test&quot;"

# Element builder (no attributes)
prn(webel("h1", "Hello World"))
# "<h1>Hello World</h1>"

# Element with attributes
prn(webel("a", {href: "https://example.com", class: "link"}, "click here"))
# "<a href="https://example.com" class="link">click here</a>"

# Newlines to <br>
prn(webnl("line one\nline two"))
# "line one<br>\nline two"

# Namespace style
safe = web.esc(user_input)

Functions

Escaping

webes(s) / web.esc(s)

Escapes &, <, >, ", and ' to their HTML entity equivalents (&amp;, &lt;, &gt;, &quot;, &#39;). Essential for XSS prevention.

webnl(s)

Replaces all \n newlines with <br>\n for HTML rendering of multi-line text.

Element building

webel(tag, inner)

Returns <tag>inner</tag>. Both arguments are coerced to strings.

webel(tag, attrs, inner)

Returns a tag with HTML attributes: <tag key="val" ...>inner</tag>. Attribute values are HTML-escaped.

webjo(attrs)

Converts an attribute object to a space-separated key="value" string, with values escaped. Errors if attrs is not an object.
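
The behaviour documented above for webes, webnl, webjo and webel, modelled in JavaScript as an added example; it is not the module's own source, which is pure ilusm. The function bodies are assumptions built from the descriptions on this page. webel is assumed to insert inner unescaped, since the page documents escaping only for attribute values, and renderComment and the sample strings are constructed for illustration.

```javascript
// JavaScript model of the ilusm `web` functions, built from their documentation.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// webes / web.esc: one pass over the input, so the "&" inside an emitted
// entity is never escaped a second time.
function webes(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// webnl: every "\n" becomes "<br>\n".
function webnl(s) {
  return String(s).replace(/\n/g, "<br>\n");
}

// webjo: key="value" pairs joined by spaces, values escaped; non-objects error.
function webjo(attrs) {
  if (attrs === null || typeof attrs !== "object") {
    throw new TypeError("webjo: attrs must be an object");
  }
  return Object.entries(attrs).map(([k, v]) => `${k}="${webes(v)}"`).join(" ");
}

// webel: two-argument and three-argument forms.
// ASSUMPTION: inner is inserted as given, so untrusted text must go through
// webes before it reaches webel.
function webel(tag, attrsOrInner, inner) {
  if (inner === undefined) return `<${tag}>${attrsOrInner}</${tag}>`;
  const joined = webjo(attrsOrInner);
  return `<${tag}${joined ? " " + joined : ""}>${inner}</${tag}>`;
}

// Hypothetical helper: render untrusted text and an untrusted author name.
// Escape first, then add <br>; the reverse order would escape the <br> tags.
function renderComment(text, author) {
  return webel("p", { title: author }, webnl(webes(text)));
}

// Constructed sample input.
console.log(renderComment('<b>hi</b>\nTom & "Jerry"', 'x" onmouseover="1'));
```

Only attribute values are escaped, so tag names and attribute names must never come from untrusted input. Entity escaping also does not make text safe inside script or style elements or in URL-valued attributes such as href, which need their own validation.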

Notes

  • No DOM interaction - all functions return strings. For DOM manipulation see the dom module.
  • Requires trl and txt.