Mollo

Reputation: 723

Avoiding rendering of HTML and script tags

I've been working on a chat box. I use Node.js + socket.io for client-server communication, so I can't execute PHP code (I've read that it is possible, but it's not recommended and difficult to achieve). Everything works fine except when users send messages with HTML or script tags.

I've tried to remove those tags with a function that I found here. It works fine, but only for HTML tags, so then I thought: well, I can remove script tags first using regular expressions. Something like this:

.replace(/<script.*>.*<\/script>/ims, " ")

and then remove the HTML tags, but I'm not sure if this method is hack-proof, and that's a lot of processing for each message sent.

Is there any way of appending text with $("#div").append(message); without rendering HTML/JavaScript code? That is, print the text just the way it is, like on twitch.tv: there, if you send a message with HTML/JS/PHP code, the message is printed just the way you typed it.

Or is there any other way to remove tags?

Thanks for your time.

Upvotes: 1

Views: 262

Answers (1)

Kevin B

Reputation: 95066

Just append a div with the message set as text.

$("#div").append( $("<div>").text(message) );

Upvotes: 1
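Added example, not part of the question or the answer above: `.text()` avoids the problem by putting the message in a text node, but when a chat line has to be built as an HTML string (on the Node.js side, or before a string `.append()`), escaping the message displays it exactly as typed, whereas the question's script regex leaves other markup untouched. The function names, the `msg` class and the sample messages are assumptions constructed for illustration.

```javascript
// Added example: escape untrusted text instead of stripping tags.
// All names here are hypothetical, not from the original post.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace the five characters that are significant in HTML text and in
// quoted attribute values. A single pass with a callback means "&" is
// never escaped twice.
function escapeHtml(message) {
  return String(message).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The question's regex, kept as posted, for comparison only.
function stripScriptTags(message) {
  return message.replace(/<script.*>.*<\/script>/ims, " ");
}

// Build the markup for one chat line; both fields are untrusted input.
function renderChatLine(user, message) {
  return `<div class="msg"><b>${escapeHtml(user)}</b>: ${escapeHtml(message)}</div>`;
}

// Constructed sample messages.
const samples = [
  "<script>alert(1)</script>",      // removed entirely by the regex
  "<b>bold</b> and <i>italic</i>",  // regex leaves the markup in place
  "<script>no closing tag",         // regex needs </script>, so no match
  'if a < b && c > d then "ok"',    // ordinary text that must survive
];

// Compare both approaches on every sample.
function demo() {
  return samples.map((m) => ({
    original: m,
    stripped: stripScriptTags(m),
    escaped: escapeHtml(m),
  }));
}

console.log(demo());
console.log(renderChatLine("Mollo", samples[1]));
```
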
