diff --git a/vlib/encoding/html/escape.v b/vlib/encoding/html/escape.v
index 5931adc4ae..5a7706a336 100644
--- a/vlib/encoding/html/escape.v
+++ b/vlib/encoding/html/escape.v
@@ -13,7 +13,7 @@ pub struct EscapeConfig {
pub fn escape(input string, config EscapeConfig) string {
tag_free_input := input.replace_each(['&', '&', '<', '<', '>', '>'])
return if config.quote {
- tag_free_input.replace_each(['"', '"', "'", '''])
+ tag_free_input.replace_each(['"', '"', "'", '''])
} else {
tag_free_input
}
diff --git a/vlib/encoding/html/escape_test.v b/vlib/encoding/html/escape_test.v
index 2b8ffbe13c..da0cb50af9 100644
--- a/vlib/encoding/html/escape_test.v
+++ b/vlib/encoding/html/escape_test.v
@@ -5,15 +5,15 @@ fn test_escape_html() {
assert html.escape('No change') == 'No change'
assert html.escape('Bold text') == '<b>Bold text</b>'
assert html.escape('![]()
') == '<img />'
- assert html.escape("' onmouseover='alert(1)'") == '' onmouseover='alert(1)''
- assert html.escape("link") == '<a href='http://www.example.com'>link</a>'
- assert html.escape("") == '<script>alert('hello');</script>'
+ assert html.escape("' onmouseover='alert(1)'") == '' onmouseover='alert(1)''
+ assert html.escape("link") == '<a href='http://www.example.com'>link</a>'
+ assert html.escape("") == '<script>alert('hello');</script>'
// Cases obtained from:
// https://github.com/apache/commons-lang/blob/master/src/test/java/org/apache/commons/lang3/StringEscapeUtilsTest.java
assert html.escape('plain text') == 'plain text'
assert html.escape('') == ''
assert html.escape('bread & butter') == 'bread & butter'
- assert html.escape('"bread" & butter') == '"bread" & butter'
+ assert html.escape('"bread" & butter') == '"bread" & butter'
assert html.escape('greater than >') == 'greater than >'
assert html.escape('< less than') == '< less than'
// Leave accents as-is
diff --git a/vlib/encoding/html/unescape.v b/vlib/encoding/html/unescape.v
new file mode 100644
index 0000000000..ba0aeb9942
--- /dev/null
+++ b/vlib/encoding/html/unescape.v
@@ -0,0 +1,20 @@
+module html
+
+/*
+unescape() automatically convert HTML Encoded text to its original text
+and it doesn't matter the HTML Encoded be in which type (symbolic, decimal, hex)
+all the types are supported
+Usage:
+```
+import html
+fn main() {
+ text := "Hello, 'World'"
+ decode := html.unescape(text)
+ println(decode)
+}
+```
+*/
+pub fn unescape(input string) string {
+ mut escape_to_text := ['&', '&', '<', '<', '>', '>', ''', "'", '"', '"', '&', '&', '<', '<', '>', '>', ''', "'", '"', '"', '&', '&', '<', '<', '>', '>', ''', "'", '"', '"']
+ return input.replace_each(escape_to_text)
+}
diff --git a/vlib/encoding/html/unescape_test.v b/vlib/encoding/html/unescape_test.v
new file mode 100644
index 0000000000..fd7af4c697
--- /dev/null
+++ b/vlib/encoding/html/unescape_test.v
@@ -0,0 +1,22 @@
+import encoding.html
+
+fn test_unescape_html() {
+ assert html.unescape('<>&') == '<>&'
+ assert html.unescape('No change') == 'No change'
+ assert html.unescape('<b>Bold text</b>') == 'Bold text'
+ assert html.unescape('<img />') == '![]()
'
+ assert html.unescape('' onmouseover='alert(1)'') == "' onmouseover='alert(1)'"
+ assert html.unescape('<a href='http://www.example.com'>link</a>') == "link"
+ assert html.unescape('<script>alert('hello');</script>') == ""
+ // Cases obtained from:
+ // https://github.com/apache/commons-lang/blob/master/src/test/java/org/apache/commons/lang3/StringEscapeUtilsTest.java
+ assert html.unescape('plain text') == 'plain text'
+ assert html.unescape('') == ''
+ assert html.unescape('bread & butter') == 'bread & butter'
+ assert html.unescape('"bread" & butter') == '"bread" & butter'
+ assert html.unescape('greater than >') == 'greater than >'
+ assert html.unescape('< less than') == '< less than'
+ // Leave accents as-is
+ assert html.escape('café') == 'café'
+ assert html.escape('façade
') == '<p>façade</p>'
+}