jQuery - how to escape HTML to prevent XSS?

清酒与你 2021-01-15 02:35

I'm using Laravel. When a user sends a text message, it may contain some malicious code. When I use {{}} it will show me the exact text the user has sent. If h

3 answers
  •  无人共我
    2021-01-15 02:46

    We had a similar scenario in one of the projects I worked on. We used to get HTML content from the server side, which should be appended to the DOM using jQuery. Before adding it to Add, we wanted to validate the HTML content we received from the server to safeguard against XSS security issues. Following is the generic method to encode the HTML content:

    function htmlEncode(source) {
      // Set the input as text on a detached element, then read it back as encoded HTML.
      return $("<div>").text(source).html();
    }
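
An added example, not part of the original answer: a DOM-free encoder that also escapes quotes, which the `.text(source).html()` round-trip leaves untouched, so the result is safe inside quoted attribute values as well as in element content. The names `escapeHtml`, `html` and `renderComment` and the sample strings are assumptions made for illustration.

```javascript
// Added example (not from the original answer): context-aware HTML encoding
// without a DOM, usable in the browser or in Node.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a value for HTML element content or a quoted attribute value.
// Serializing a text node (what .text().html() does) escapes &, < and >
// but not quotes, so that result must not be placed inside an attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are trusted markup written by the
// developer; every interpolated ${...} value is escaped before joining.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) =>
      out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Hypothetical renderer: one untrusted value lands in an attribute,
// the other in element content. Both go through escapeHtml via html``.
function renderComment(author, body) {
  return html`<li title="${author}">${body}</li>`;
}

// Constructed sample input standing in for server-supplied fields.
const sampleAuthor = 'a" onclick="x';
const sampleBody = "<script>alert(1)</script>";
console.log(renderComment(sampleAuthor, sampleBody));
```

The output can be passed to `$(target).append(...)` because the only markup it contains is the template's own `<li>`; this encoding does not cover values placed in URLs, inline scripts or unquoted attributes.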
