function SaferHTML(templateData) {
let s = templateData[0];
for (let i = 1; i < arguments.length; i++) {
let arg = String(arguments[i]);
s += arg.replace(/&/g, "&")
.replace(/</g, "<")
.replace(/>/g, ">");
s += templateData[i]
}
return s
}
let sender = '<a>alert("abc")</a>';
let message = SaferHTML`<p>${sender} has sent you a message.</p>`;
message //<p><a>alert("abc")</a> has sent you a message.</p>
function SaferHTML(templateData) {
let s = [];
for (let i = 1; i < arguments.length; i++) {
let arg = String(arguments[i]);
s[i-1] = arg.replace(/&/g, "&")
.replace(/</g, "<")
.replace(/>/g, ">");
}
return String.raw({ raw: templateData }, ...s);
}
let sender = '<a>alert("abc")</a>';
let message = SaferHTML`<p>${sender} has sent you a message.</p>`;
message //<p><a>alert("abc")</a> has sent you a message.</p>