Unescape apostrophe (') in JavaScript?

Question

I'm trying to unescape a HTML-escaped apostrophe ("'") in JavaScript, but the following doesn't seem to work on a devtools console line:

unescape(''');

The output is simply:

"'"

It doesn't work in Underscore's unescape either:

_.unescape(''')

What am I doing wrong?

Answer 1

unescape has nothing to do with HTML character entities. It's an old, deprecated function for decoding text encoded with escape, which is an old, deprecated function for encoding text in a way that is unlikely to be useful in the modern world. :-)

If you need to turn that HTML into plain text, the easiest way is via an element:

var div = document.createElement('div');
div.innerHTML = "'";
alert(div.firstChild.nodeValue);

Live Example | Live Source

Note that the above relies on the fact that there are no elements defined in your HTML text, so it knows there is exactly one child node of div, which is a text node.

For more complicated use cases, you might use div.innerText (if it has one) or div.textContent:

var div = document.createElement('div');
div.innerHTML = "'";
alert(div.innerText || div.textContent || "");

Live Example | Live Source

Answer 2

By using createElement like in T.J.'s answer, you open yourself up to XSS attacks.

DOMParser is a much safer way to correctly unescape HTML entities (including ')

function unescape(string) {
  return new DOMParser().parseFromString(string,'text/html').querySelector('html').textContent;
}

console.log(unescape('''));

You can use the function above with a string from any source, and the string won't be able to modify your page or steal data by including JavaScript.