HtmlEncode
Maarten Hilferink edited this page Apr 8, 2026 · 1 revision
The HtmlEncode function encodes strings for safe use in HTML content by escaping special characters.
`HtmlEncode(strings: E->String) -> E->String`
Converts strings to HTML-safe format by replacing special characters with HTML entity references:
| Character | Entity |
|---|---|
| `<` | `&lt;` |
| `>` | `&gt;` |
| `&` | `&amp;` |
| `"` | `&quot;` |
| `'` | ' |
This prevents:
- Cross-site scripting (XSS) vulnerabilities
- Broken HTML structure from user content
- Display issues with special characters
| argument | description | type |
|---|---|---|
| strings | Input strings to encode | E->String |
Time complexity: O(n × L) where n is the number of strings and L is the average string length.
Encoded strings are typically slightly longer than input strings.
```
unit<uint32> UserContent: nrofrows = 3;
attribute<String> raw_text (UserContent) := union_data(UserContent,
    'Hello <world>',
    'A & B',
    'Quote: "test"'
);
attribute<String> safe_html (UserContent) := HtmlEncode(raw_text);
// safe_html = {'Hello &lt;world&gt;', 'A &amp; B', 'Quote: &quot;test&quot;'}
// Safe to include in HTML output
parameter<String> html_template := '<div class="content">' + safe_html[0] + '</div>';
```
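The replacement from the table, applied to the example strings and placed in element content the way `html_template` does; this is an added Python illustration, not GeoDMS code or the project's implementation. It also shows why `&` must not be handled after the other characters. The `&#39;` entity for the apostrophe and all function names are assumptions, and the fourth sample string is constructed.

```python
import html

# Mapping from the table above. The page's entity for the apostrophe is not
# legible, so "&#39;" is an assumption made for this example.
ENTITIES = {"<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;", "'": "&#39;"}


def html_encode(text: str) -> str:
    """Single pass over the input, so the '&' of an emitted entity is never re-escaped."""
    return "".join(ENTITIES.get(ch, ch) for ch in text)


def html_encode_wrong_order(text: str) -> str:
    """Chained replace with '&' handled last: earlier entities get escaped again."""
    for ch in ("<", ">", '"', "'", "&"):
        text = text.replace(ch, ENTITIES[ch])
    return text


def render(values):
    """Encode each value, then place it in element content, as html_template does."""
    return ['<div class="content">' + html_encode(v) + "</div>" for v in values]


# Constructed sample input: the page's three strings plus one markup-bearing value.
RAW_TEXT = ["Hello <world>", "A & B", 'Quote: "test"', "<b>it's</b>"]

if __name__ == "__main__":
    for raw, out in zip(RAW_TEXT, render(RAW_TEXT)):
        print(f"{raw!r:20} -> {out}")
    # The ordering bug: the text would display as "&lt;world&gt;" instead of "<world>".
    print(html_encode_wrong_order("Hello <world>"))
    # Decoding restores the original text, which is what HtmlDecode is described as doing.
    print(all(html.unescape(html_encode(s)) == s for s in RAW_TEXT))
```

Encode exactly once, at the point of output: encoding an already encoded value turns `A &amp; B` into `A &amp;amp; B`.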
- Generating HTML reports with user-provided data
- Creating safe HTML exports
- Preventing script injection in web output
- HtmlDecode - reverse operation
- UrlEncode - for URL parameters
- String functions
7.0
GeoDMS ©Object Vision BV. Source code distributed under GNU GPL-3. Documentation distributed under CC BY-SA 4.0.