Assume I have a page with an input box. The user types something into the input box and hits a button. The button triggers a function that picks up the value typed into the text box and outputs it onto the page beneath the text box for whatever reason. Now this has been disturbingly difficult to find a definitive answer on or I wouldn't be asking but how would you go about outputting this string:
So that neither the script is executed nor the HTML element is displayed? What I'm really asking here is if there is a standard method of avoiding both HTML and Script injection in Javascript. Everyone seems to have a different way of doing it (I'm using jQuery so I know I can simply output the string to the text element rather than the html element for instance, that's not the point though). asked Dec 31, 2013 at 10:02
7 I use this function htmlentities($string):
answered Feb 6, 2019 at 21:07
1
From here
answered Apr 14, 2020 at 22:23
hestellezghestellezg 2,6592 gold badges30 silver badges33 bronze badges My solution using typescript + decorators + regex
Typescript Code bellow:
answered Apr 26, 2021 at 14:16
MaxMax 3232 silver badges4 bronze badges Try this method to convert a 'string that could potentially contain html code' to 'text format':
Hope this helps! answered Aug 13, 2015 at 23:20
0 Use this,
On the backend, for java , Try using StringUtils class or a custom script.
answered Jul 12, 2017 at 11:42
|