HTML


The html namespace contains two methods for HTML sanitizing. The escape method is mandatory when including plain text in HTML templates to prevent XSS attacks.

Example code:

```html
<div>
  <h1>Hello ${html.escape(input.name)},</h1>
  <p>...</p>
</div>
```

A user could register with the name `<script>evil();</script>`. If that name is inserted into the template without escaping, the browser parses it as markup and runs the script. With the html.escape method, the output becomes:

```html
<div>
  <h1>Hello &lt;script&gt;evil();&lt;/script&gt;,</h1>
  <p>...</p>
</div>
```

This version displays the script text to the user as if it were an ordinary name; the browser renders it as text and does not execute it.
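The behaviour described above, as an added example that is not this library's own implementation: a minimal `html.escape` / `html.unescape` pair with the same signatures as the Escape and Unescape entries below, applied to the greeting template with the hostile registration name from the text. The `renderGreeting` helper and the `hostileName` sample value are constructed for this example.

```javascript
// Added example: minimal html.escape / html.unescape, not the library's own code.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const UNESCAPES = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'", "&#x27;": "'" };

const html = {
  // Escape plain text so it can be placed in an HTML text node or quoted attribute value.
  // A single regex pass means '&' is never re-escaped after another replacement.
  escape(input) {
    return String(input).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
  },

  // Reverse the entities produced by escape (not a general-purpose entity decoder).
  // Single pass as well, so "&amp;lt;" becomes "&lt;" and not "<".
  unescape(input) {
    return String(input).replace(/&(amp|lt|gt|quot|#39|#x27);/g, (entity) => UNESCAPES[entity]);
  },
};

// The greeting template from the page. escaped=false reproduces the vulnerable
// variant so the two outputs can be compared side by side.
function renderGreeting(name, { escaped = true } = {}) {
  const shown = escaped ? html.escape(name) : name;
  return `<div>\n  <h1>Hello ${shown},</h1>\n  <p>...</p>\n</div>`;
}

// Constructed sample: the hostile name used in the text above.
const hostileName = "<script>evil();</script>";

console.log(renderGreeting(hostileName));                    // script shown as text
console.log(renderGreeting(hostileName, { escaped: false })); // script inserted as markup
```

This escaper is sufficient for text nodes and quoted attribute values; a value placed inside a script body, a URL, or a CSS rule needs encoding specific to that context.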

Escape

Escape plain text as HTML.

```ts
escape(input: string): string;
```

Unescape

Convert HTML to plain text.

```ts
unescape(input: string): string;
```