feat(html/unstable): add escapeJs and escapeCss functions

[lionel-rowe]

Resolves #6748

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.14%. Comparing base (c3331d5) to head (c998523).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6782   +/-   ##
=======================================
  Coverage   94.14%   94.14%           
=======================================
  Files         589      591    +2     
  Lines       42540    42564   +24     
  Branches     6717     6721    +4     
=======================================
+ Hits        40050    40073   +23     
- Misses       2440     2442    +2     
+ Partials       50       49    -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[kt3k]

escapeCss looks good to me.

[kt3k]

I don't see why data accepts JSON-serializable object. Shouldn't this be escapeJs(str: string): string?

[lionel-rowe]

Makes it a lot more ergonomic to pass arbitrary(-ish) data:

// might be nested arbitrarily deeply
declare const data: string | number | Record<string, string> | Record<string, Record<string, string>>
const scriptContentToInject = `<script>window.handleData(${escapeJs(data)})</script>`

Or (because the output is also JSON-compatible):

const importMap = { imports: { zod: 'https://esm.sh/v131/[email protected]' } }
const importMapScriptTag = `<script type="importmap">${escapeJs(importMap)}</script>`

[kt3k]

Ok. Makes sense. Can you add those as usage examples? Otherwise, I guess users might not get how to use it.