Reputation: 1208
I've got a JS function which takes a string as a parameter and gets it displayed in a div element. Such a string may contain HTML tags.
How do I force JS to display inner text in div elements as HTML text with HTML tags? And, also, what is an adequate way to filter particular tags, i.e. apply certain tags for styling and just print others?
Upvotes: 1
Views: 1885
Reputation: 67090
And, also, what is an adequate way to filter particular tags, i.e. apply certain tags for styling and just print others.
Putting user-inserted HTML code directly into the page is dangerous because of XSS. You should use some tool to sanitize the HTML code (here on StackOverflow, for example, you can use some HTML tags).
As posted in this question here on SO, you can use this client-side sanitizer: http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/plugin/html-sanitizer.js. On the other hand, you may need to do this on the server side; which one depends on your environment (ASP.NET? PHP?).
Upvotes: 1
Reputation: 1074276
You just need to replace & and < (and optionally > if you like, but you don't have to) with their respective entities, using String#replace (spec, MDC) for instance.
Upvotes: 4
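The following is an added example, not code from either answer above, that shows both points together: the entity escaping the second answer describes with String#replace, and the "apply certain tags for styling and just print others" filtering asked about in the question, done with an allowlist of tag names. The tag list, the function names and the `renderInto` helper are my own choices; it assumes the returned string is assigned to an element's innerHTML.

```javascript
// Added example (not from the original answers): escaping vs. allowlisting.

// Replace the characters that have meaning in HTML text and attribute values
// with their entities. & is replaced first; doing it later would re-escape the
// & that the other replacements introduce.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Tag names allowed to pass through as real markup (styling only). Assumed list.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'u']);

// Keep allowlisted tags as tags (their attributes are dropped entirely, since
// that is where event handlers and javascript: URLs live); escape every other
// tag so it renders as literal text. Matches <tag ...>, </tag> and <tag/>;
// a bare "<" not followed by a tag name is left for escapeHtml.
function filterTags(input) {
  const tagPattern = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b[^<>]*>/g;
  let out = '';
  let last = 0;
  let match;
  while ((match = tagPattern.exec(input)) !== null) {
    out += escapeHtml(input.slice(last, match.index)); // text between tags
    const name = match[1].toLowerCase();
    if (ALLOWED_TAGS.has(name)) {
      const closing = match[0].startsWith('</');
      out += closing ? `</${name}>` : `<${name}>`;
    } else {
      out += escapeHtml(match[0]); // unknown tag: print it as text
    }
    last = tagPattern.lastIndex;
  }
  out += escapeHtml(input.slice(last));
  return out;
}

// Put the filtered markup into an element (any object with innerHTML works,
// which is why the test below can use a plain object instead of a DOM node).
function renderInto(element, str) {
  element.innerHTML = filterTags(str);
  return element.innerHTML;
}

// Constructed sample input: one styled tag with a stray attribute, one script
// tag, and a bare "<" in ordinary text.
const SAMPLE = '<b onclick="handler()">hi</b> <script>alert(1)</script> a < b';
console.log(filterTags(SAMPLE));
// → <b>hi</b> &lt;script&gt;alert(1)&lt;/script&gt; a &lt; b
```

If the goal is only to show the string as text, `element.textContent = str` needs no escaping at all; escaping is what you need when you build markup with innerHTML. The allowlist here deliberately knows nothing about attributes or nesting, so for anything richer than a few styling tags use a maintained sanitizer such as the Caja one the first answer links.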