This plugin provides an object like a Java StringBuilder for concatenating HTML and also escaping it to avoid XSS bugs
Any text that is constant HTML strings should be added to the buffer with the html()
method, similar to jQuerys' html() method.
similar to jQuerys text() method.
Be careful, writing html(obj.value) is still possible, and introduces XSS risks, just
as it does with jQuery.
var html = new $.htmlBuffer();
This class only escapes the following characters & < > " '
Which means the page should be UTF-8 to be able to represent a full characterset.
For example the € sign could be escaped as € but it is not, if you want support
the toHtml() method.