string->encodeHtml
Escapes text for HTML output.
Target
Signature
1string->encodeHtml(linebreaks::boolean= ?, ignorechars::boolean= ?)Escapes text for HTML output.
string->encodeHtml is called with member syntax on a receiver value. string->encodeHtml works with text values. Normalize input at boundaries, escape at output boundaries, and keep encoding calls close to the place where the encoded text is needed.
Parameters
linebreaks- Optional value of type
boolean. Supplylinebreakspositionally unless the signature shows a keyword form. ignorechars- Optional value of type
boolean. Supplyignorecharspositionally unless the signature shows a keyword form.
Examples
Basic call
1'<b>Ada</b>'->encodeHtmlThe example shows the receiver and result shape. In templates, apply escaping at the final output boundary.
Small HTML escaping helper
1[2define h(value) => string(#value)->encodeHtml3local(name) = web_request->param('name', 'Ada')4]5<p>Hello [h(#name)]</p>Escape at the point of HTML output, including attribute values.
Preserve line breaks in visitor text
1[2local(comment) = "Line one\nLine two"3#comment->encodeHtml(true)4]The optional linebreak behavior is useful for plain-text comments shown inside HTML.
Leave common markup characters alone intentionally
1[2local(fragment) = '<strong>Ada & Grace</strong>'3#fragment->encodeHtml(false, true)4]The second boolean disables escaping for the common markup characters. Use this only for text that is already trusted for the output context.
Escape before building an attribute
1[2local(q) = web_request->param('q', '')3]4<input name="q" value="[#q->encodeHtml]">Attributes need escaping just as much as element text.
For large templates, use a short helper such as h(value) and call it at the final output boundary. That keeps database and business code from accumulating HTML-specific escaping too early.