I want to remove HTML tags from a string. For example assume we have the string:
example ive got a string
How can I wr
You can use the existing split function
One easy and choppy exemple:
var str = '<p> example ive got a string</P>';
var substr = str.split('<p> ');
// substr[0] contains ""
// substr[1] contains "example ive got a string</P>"
var substr2 = substr [1].split('</p>');
// substr2[0] contains "example ive got a string"
// substr2[1] contains ""
The example is just to show you how the split works.
The safest way is to rely on the browser TextNode to correctly escape content. Here's an example:
function stripHTML(dirtyString) {
var container = document.createElement('div');
var text = document.createTextNode(dirtyString);
container.appendChild(text);
return container.innerHTML; // innerHTML will be a xss safe string
}
document.write( stripHTML('<p>some <span>content</span></p>') );
document.write( stripHTML('<script><p>some <span>content</span></p>') );
The thing to remember here is that the browser escape the special characters of TextNodes when we access the html strings (innerHTML
, outerHTML
). By comparison, accessing text values (innerText
, textContent
) will yield raw strings, meaning they're unsafe and could contains XSS.
If you use jQuery, then using .text()
is safe and backward compatible. See the other answers to this question.
The simplest way in pure JavaScript if you work with browsers <= Internet Explorer 8 is:
string.replace(/(<([^>]+)>)/ig,"");
But there's some issue with parsing HTML with regex so this won't provide very good security. Also, this only takes care of HTML characters, so it is not totally xss-safe.
This is a example for get the url image, escape the p tag from some item.
Try this:
$('#img').attr('src').split('<p>')[1].split('</p>')[0]
If you want to keep the innerHTML of the element and only strip the outermost tag, you can do this:
$(".contentToStrip").each(function(){
$(this).replaceWith($(this).html());
});
Use the .text() function:
var text = $("<p> example ive got a string</P>").text();
Update: As Brilliand points out below, if the input string does not contain any tags and you are unlucky enough, it might be treated as a CSS selector. So this version is more robust:
var text = $("<div/>").html("<p> example ive got a string</P>").text();