console.log(escape('<script>'));
console.log(escape(' '));//%20
function xssClean(str){
var newStr = "";
var escapeCharMap = {
'&': '&',
'<': '<',
'>': '>',
'"': '"',
"'": ''',
'`': '`'
};
if(str!=null){
for(var i=0;i<str.length;i++){
if(escapeCharMap[str[i]]!=null){
newStr += escapeCharMap[str[i]];
}else{
newStr += str[i];
}
}
}
return newStr;
}
console.log(xssClean('<script>'));