May 09, 2021 CoffeeScript
You need to replace HTML tags with named entities:
<br/> => &lt;br/&gt;
htmlEncode = (str) ->
  # Replace each HTML-significant character with its entity.
  str.replace /[&<>"']/g, ($0) ->
    "&" + {"&":"amp", "<":"lt", ">":"gt", '"':"quot", "'":"#39"}[$0] + ";"

htmlEncode('<a href="http://bn.com">Barnes & Noble</a>')
# => '&lt;a href=&quot;http://bn.com&quot;&gt;Barnes &amp; Noble&lt;/a&gt;'
There may be a better way to implement the above approach.
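One such variant, as an added example rather than the original recipe's code: it accepts non-string input and always quotes attribute values, because encoding these five characters is only sufficient in element content and inside quoted attributes. The names escapeHtml, attr and link are hypothetical, and the sample strings are constructed.

```coffeescript
# Added example; escapeHtml, attr and link are hypothetical names.

# Lookup table built once instead of on every match.
ENTITIES =
  '&': '&amp;'
  '<': '&lt;'
  '>': '&gt;'
  '"': '&quot;'
  "'": '&#39;'

# Encode the five characters that can change how HTML is parsed in
# element content and in quoted attribute values.
# null and undefined become ''; other values are converted to strings,
# so numbers and objects no longer throw on a missing .replace method.
escapeHtml = (value) ->
  return '' unless value?
  String(value).replace /[&<>"']/g, (ch) -> ENTITIES[ch]

# Build a single attribute. The value is always wrapped in double quotes:
# the encoder leaves spaces and '=' untouched, so an unquoted value could
# still be parsed as several attributes.
attr = (name, value) ->
  "#{name}=\"#{escapeHtml value}\""

# Assemble a link from untrusted text.
# Assumption: href has already been checked against an allowed scheme
# (for example http/https); entity encoding does not validate URLs.
link = (href, text) ->
  "<a #{attr 'href', href}>#{escapeHtml text}</a>"

# Constructed sample data.
console.log link('http://bn.com', 'Barnes & Noble <books>')
console.log attr('title', 'say "hi" & leave')
console.log escapeHtml(null)
console.log escapeHtml(42)
```

Call the encoder once, at the point where the value is written into the page: a second pass re-encodes the `&` of every entity and the visitor sees the entity text instead of the character.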