DataTable.util.escapeHtml()
Escape HTML entities to make a user input string safe.
Description
DataTables is required to write to the document, which can be an unsafe operation if the data being displayed is not pre-sanitized - i.e. a hacker might attempt an injection hack. DataTables provides helper functions to address this concern and we expose the escaping function for use by extensions and plug-ins for DataTables.
This method does not attempt to encode all HTML entities, but rather to just make a simple string safe for display. This simple form is chosen for performance and meeting the requirements of most use cases. However, there are circumstances whereby you might need a more complex HTML encoder. For such cases this function can be used as a setter to give DataTables a function that it should use for escaping HTML. If used this way, the escaping function should accept a single parameter and return a sanitized string.
Types
Example
Escape HTML in a string:
let sanitized = DataTable.util.escapeHtml('<a href="...">Link</a>');
// sanitized is: '<a href="...">Link</a>'