Escaping HTML characters in a string means replacing the: 1.less than symbol (<) with < 2.greater than symbol (>) with > 3.double quotes (") with " 4.single quote (') with ' 5.ampersand (&) with & ------------------------------ function escape(htmlStr) { return htmlStr.replace(/&/g, "&") .replace(/</g, "<") .replace(/>/g, ">") .replace(/"/g, """) .replace(/'/g, "'"); } console.log(escape("<script>alert('hi')</script>"));