Escape HTML entities in JSON.stringify
, using a replacer method.
> var escape_html_entities = require('escape-html-in-json')
> var object = {name: "<script>alert('hacked');</script>"}
> JSON.stringify(object)
'{"name":"<script>alert(\'hacked\');</script>"}'
> JSON.stringify(object, escape_html_entities)
'{"name":"<script>alert('hacked');</script>"}'