VGTech is a blog where the developers and devops of Norways most visited website share code and tricks of the trade… Read more



Are you brilliant? We're hiring. Read more

Strip HTML from a string in Javascript

JS

Quick tip; never use innerHTML (or jQuery’s html()) unless you really want to insert HTML.
Quite often, what you actually want is to insert some text. If this is the case, use innerText (or jQuery’s text()).

Should you need to strip HTML from a string (say you are building a chunk of HTML and need to insert the content of an input-field into it), this is a simple way of doing it:

Show code
function stripHtml(str) {
    var temp = document.createElement('DIV');
    temp.innerHTML = str;
    return temp.textContent || temp.innerText;
}

Or, if you’re using jQuery:

Show code
function stripHtml(str) {
    return jQuery('<div />', { html: str }).text();
}

WARNING: Please be aware that any code (script tags) and resources linked (images, scripts) will still be run using this approach. Only use this approach when you have some degree of control over the input and context. Securing markup is not a trivial task and should be given more thought.

Developer at VG with a passion for Javascript, PHP and the Android platform. @rexxars


1 comments

  • Avinash Patil

    Hi,

    Thanks for the above code, it helped me.

    Regards
    Avinash Patil


Leave your comment