discord-rpg-concept/src/web/utils/html.ts


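/**
 * Escapes the five HTML-significant characters (`&`, `<`, `>`, `"`, `'`) so
 * the result can be interpolated into HTML element content or a quoted
 * attribute value without being parsed as markup.
 *
 * This is not sufficient on its own for other output contexts: script or
 * style blocks, URL attributes such as `href`/`src`, or unquoted attribute
 * values each need their own encoding or validation.
 *
 * @param unsafe - The raw string to escape.
 * @returns The escaped string.
 */
export function escapeHtml(unsafe: string): string {
  return (
    unsafe
      // The ampersand must be escaped, and escaped first: otherwise entity
      // references already present in the input (e.g. "&lt;") pass through
      // and are decoded by the browser, and escaping it later would
      // double-encode the entities produced by the replacements below.
      .replace(/&/g, "&amp;")
      .replace(/</g, "&lt;")
      .replace(/>/g, "&gt;")
      .replace(/"/g, "&quot;")
      .replace(/'/g, "&#039;")
  );
}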