/** * Escape a string to be safe to use in XML content. * CC-BY-SA: hgoebl * https://stackoverflow.com/questions/7918868/ * how-to-escape-xml-entities-in-javascript * @param {!string} unsafe Unsafe string. * @return {string} XML-escaped string, for use within an XML tag. */ const xmlEscape = function (unsafe) { return unsafe.replace(/[<>&'"]/g, c => { switch (c) { case '<': return '<'; case '>': return '>'; case '&': return '&'; case '\'': return '''; case '"': return '"'; } }); }; module.exports = xmlEscape;