6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Encoder.htmlEncoder in JS\",\"text\":\"

On a website, I retrieve a string the user entered.

\\n\\n

DataItem.getProperty('-----some name ----')\\n

\\n\\n

The problem is that some users put a <script></script> in there.

\\n\\n

How can I escape/html-encode this string nicely ?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Elad Benda\"},\"upvoteCount\":1,\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

How about;

\\n\\n

function HTMLEncode(buff) {\\n    var e = document.createElement(\\\"div\\\");\\n    e.appendChild(document.createTextNode(buff));\\n    return e.innerHTML;\\n}\\n\\n\\n In:  AAA <script>BBB</script> CCC &lt;DDD&gt;\\n Out: AAA &lt;script&gt;BBB&lt;/script&gt; CCC &lt;DDD&gt;\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Alex K.\"},\"upvoteCount\":1}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","javascript",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/javascript/1","children":"javascript"}]}],["$","span","html-encode",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/html-encode/1","children":"html-encode"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/e66bb815b52eb8f82eab2c06427db8ca?s=256&d=identicon&r=PG","alt":"Elad Benda","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/311130/elad-benda","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Elad Benda"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",36654]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Encoder.htmlEncoder in JS"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

On a website, I retrieve a string the user entered.

\n\n

DataItem.getProperty('-----some name ----')\n

\n\n

The problem is that some users put a <script></script> in there.

\n\n

How can I escape/html-encode this string nicely ?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",269]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","6523617",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/a8ba0aea3f521082f18dd7c186e7d4c3?s=256&d=identicon&r=PG","alt":"Alex K.","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/246342/alex-k","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Alex K."}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",175766]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

How about;

\n\n

function HTMLEncode(buff) {\n    var e = document.createElement(\"div\");\n    e.appendChild(document.createTextNode(buff));\n    return e.innerHTML;\n}\n\n\n In:  AAA <script>BBB</script> CCC &lt;DDD&gt;\n Out: AAA &lt;script&gt;BBB&lt;/script&gt; CCC &lt;DDD&gt;\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","18749591",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/18749591","className":"text-blue-600 hover:underline","children":"Encode HTML entities in JavaScript"}]}],["$","li","49497683",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/49497683","className":"text-blue-600 hover:underline","children":"How to render encoded HTML in browser"}]}],["$","li","44591776",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/44591776","className":"text-blue-600 hover:underline","children":"JS encodeURI Equivalent of Java"}]}],["$","li","37830591",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/37830591","className":"text-blue-600 hover:underline","children":"jQuery encoding in html()"}]}],["$","li","23414418",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/23414418","className":"text-blue-600 hover:underline","children":"How to encode text into html with JQuery"}]}],["$","li","15808395",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15808395","className":"text-blue-600 hover:underline","children":"HTML Encode String"}]}],["$","li","15339964",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15339964","className":"text-blue-600 hover:underline","children":"Encode-DecodeAdventure"}]}],["$","li","9129824",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/9129824","className":"text-blue-600 hover:underline","children":"string encoding html"}]}],["$","li","3809757",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3809757","className":"text-blue-600 hover:underline","children":"Partial HTML encoder"}]}],["$","li","586430",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/586430","className":"text-blue-600 hover:underline","children":"Javascript encoding question"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Encoder.htmlEncoder in JS

Answers (1)

Related Questions