The HTMLEscape function is used to escape special characters in a given string so that they can be safely displayed in HTML. It is commonly used to prevent HTML injection and to ensure that user-generated content is properly rendered.
The function replaces the special characters with their corresponding HTML entities. For example, the less-than symbol “<” is replaced with “<”, the greater-than symbol “>” is replaced with “>”, and the ampersand symbol “&” is replaced with “&”.
Here is an example usage of the HTMLEscape function in Go:
package main import ( "fmt" "html" ) func main() { str := "<script>alert('Hello, World!');</script>" escapedStr := html.EscapeString(str) fmt.Println(escapedStr) }
Output:
<script></script>
In the above example, the html.EscapeString()
function is used to escape the special characters in the given string "<script>alert('Hello, World!');</script>"
. The result is then printed, showing the escaped version of the string that can be safely displayed in HTML without executing any scripts.