Creates an HTML string with automatic escaping of interpolated values.
Use r() to prevent escaping specific values.
Parameters
strings: TemplateStringsArray
The constant portions of the template string.
...values: (string|number|boolean|RawHtml)[]
The dynamic values to be interpolated (automatically escaped unless wrapped with r()).
Returns string
The built HTML string with all values properly escaped.
Example
constunsafe=`oops <script>alert(1)</script>`; testing.innerHTML=html`foo bar baz ${unsafe}`; // Values are automatically escaped constsafeHtml=html`<div>${r("<b>Bold</b>")}</div>`; // Using r() to prevent escaping
Creates an HTML string with automatic escaping of interpolated values. Use r() to prevent escaping specific values.