Skip to main content
Bun.escapeHTML() escapes HTML characters in a string. It makes the following replacements.
  • " becomes """
  • & becomes "&"
  • ' becomes "'"
  • < becomes "&lt;"
  • > becomes "&gt;"
This function is optimized for large input. Non-string values are converted to a string before escaping.
Bun.escapeHTML("<script>alert('Hello World!')</script>");
// &lt;script&gt;alert(&#x27;Hello World!&#x27;)&lt;&#x2F;script&gt;

See Utils.