The HTMLEscape function is used to escape special characters in a given string so that they can be safely displayed in HTML. It is commonly used to prevent HTML injection and to ensure that user-generated content is properly rendered.
The function replaces the special characters with their corresponding HTML entities. For example, the less-than symbol “<” is replaced with “<”, the greater-than symbol “>” is replaced with “>”, and the ampersand symbol “&” is replaced with “&”.
Here is an example usage of the HTMLEscape function in Go:
package main
import (
"fmt"
"html"
)
func main() {
str := "<script>alert('Hello, World!');</script>"
escapedStr := html.EscapeString(str)
fmt.Println(escapedStr)
}
Output:
<script></script>
In the above example, the html.EscapeString() function is used to escape the special characters in the given string "<script>alert('Hello, World!');</script>". The result is then printed, showing the escaped version of the string that can be safely displayed in HTML without executing any scripts.