DOKK / manpages / debian 12 / node-he / he.1.en
he(1) General Commands Manual he(1)

heencode/decode HTML entities just like a browser would

he [--escape string]
[--encode string]
[--encode --use-named-refs --everything --allow-unsafe string]
[--decode string]
[--decode --attribute string]
[--decode --strict string]
[-v | --version]
[-h | --help]

he encodes/decodes HTML entities in strings just like a browser would.

Take a string of text and escape it for use in text contexts in XML or HTML documents. Only the following characters are escaped: `&`, `<`, `>`, `"`, and `'`.
Take a string of text and encode any symbols that aren't printable ASCII symbols and that can be replaced with character references. For example, it would turn `©` into `&#xA9;`, but it wouldn't turn `+` into `&#x2B;` since there is no point in doing so. Additionally, it replaces any remaining non-ASCII symbols with a hexadecimal escape sequence (e.g. `&#x1D306;`). The return value of this function is always valid HTML.
--encode --use-named-refs
Enable the use of named character references (like `&copy;`) in the output. If compatibility with older browsers is a concern, don't use this option.
--encode --everything
Encode every symbol in the input string, even safe printable ASCII symbols.
--encode --allow-unsafe
Encode non-ASCII characters only. This leaves unsafe HTML/XML symbols like `&`, `<`, `>`, `"`, and `'` intact.
--encode --decimal
Use decimal digits rather than hexadecimal digits for encoded character references, e.g. output `&#169;` instead of `&#xA9;`.
Takes a string of HTML and decode any named and numerical character references in it using the algorithm described in the HTML spec.
--decode --attribute
Parse the input as if it was an HTML attribute value rather than a string in an HTML text content.
--decode --strict
Throw an error if an invalid character reference is encountered.
Print he's version.
Show the help screen.

The he utility exits with one of the following values:

he did what it was instructed to do successfully; either it encoded/decoded the input and printed the result, or it printed the version or usage message.
he encountered an error.

alert(1)</script>'
Print an escaped version of the given string that is safe for use in HTML text contexts, escaping only `&`, `<`, `>`, `"`, and `'`.
Print the decoded version of the given HTML string.
Print the decoded version of the HTML string that gets piped in.

he's bug tracker is located at <https://github.com/mathiasbynens/he/issues>.

Mathias Bynens <https://mathiasbynens.be/>

<https://mths.be/he>

April 5, 2016