string->encodeHtml

Escapes text for HTML output.

Target member

Signature

1string->encodeHtml(linebreaks::boolean= ?, ignorechars::boolean= ?)

Escapes text for HTML output.

string->encodeHtml is called with member syntax on a receiver value. string->encodeHtml works with text values. Normalize input at boundaries, escape at output boundaries, and keep encoding calls close to the place where the encoded text is needed.

Parameters

linebreaks
Optional value of type boolean. Supply linebreaks positionally unless the signature shows a keyword form.
ignorechars
Optional value of type boolean. Supply ignorechars positionally unless the signature shows a keyword form.

Examples

Basic call

1'<b>Ada</b>'->encodeHtml
The example shows the receiver and result shape. In templates, apply escaping at the final output boundary.

Small HTML escaping helper

1[2define h(value) => string(#value)->encodeHtml3local(name) = web_request->param('name', 'Ada')4]5<p>Hello [h(#name)]</p>
Escape at the point of HTML output, including attribute values.

Preserve line breaks in visitor text

1[2local(comment) = "Line one\nLine two"3#comment->encodeHtml(true)4]
The optional linebreak behavior is useful for plain-text comments shown inside HTML.

Leave common markup characters alone intentionally

1[2local(fragment) = '<strong>Ada & Grace</strong>'3#fragment->encodeHtml(false, true)4]
The second boolean disables escaping for the common markup characters. Use this only for text that is already trusted for the output context.

Escape before building an attribute

1[2local(q) = web_request->param('q', '')3]4<input name="q" value="[#q->encodeHtml]">
Attributes need escaping just as much as element text.
Comments
template.safety@[domain removed for privacy]

For large templates, use a short helper such as h(value) and call it at the final output boundary. That keeps database and business code from accumulating HTML-specific escaping too early.

1define h(value) => string(#value)->encodeHtml