How will I sanitize this line? (maybe in jQuery)?

Question

I have a webpage where people enter text in a text box and it displays the text below them. It. On the server side, no.

Say someone is typing <script src="blah">hello</script>

I want to show it as text. Not like a script, of course. How can I do this (all in javascript)?

I want to display all the text. Do not set tags.

+6

TIMEX Apr 30 '11 at 7:32

3 answers

If you want to display it in an element, you can use the text method. It will get rid of all the HTML for you.

You can see an example here .

+1

icktoofay Apr 30 '11 at 7:37

 <input type="text" onkeyup="$('#outputDiv').text($(this).val());" /> <div id="outputDiv"></div>

+1

bloodcell Apr 30 '11 at 7:48

David fells · Accepted Answer · 2011-04-30T07:38:55+0000

 $('div.whatever').text($('input.whatever').val());

This converts the objects to HTML objects, so they are displayed in the form in which they were printed, and are not considered markup.