I've got a JS function which takes a string as a parameter and gets it displayed in a div element. Such a string may contain HTML tags.
How do I force JS to display the inner text?
And, also, what is an adequate way to filter particular tags, i.e. apply certain tags for styling and just print the others?
Putting user-inserted HTML code directly into the page is dangerous because of XSS. You should use some tool to sanitize the HTML code (here on Stack Overflow, for example, you can use some HTML tags).
As posted in this question here on SO, you can use this client-side sanitizer: http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/plugin/html-sanitizer.js. On the other hand, you may need to do this on the server side; which one depends on your environment (ASP.NET? PHP?).
You just need to replace `&` and `<` (and optionally `>` if you like, but you don't have to) with their respective entities, using `String#replace` (spec, MDC) for instance.
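The two answers above describe two levels of the same thing: escaping `&`, `<` and `>` so that markup is shown literally, and whitelisting a few styling tags while escaping everything else. The following is an added example written for this page, not code from either answer or from the Caja sanitizer linked above. The function names (`escapeHtml`, `filterTags`), the whitelist of styling tags and the rule that an allowed tag is kept only when it carries no attributes are my own assumptions; the sample strings are constructed. It runs under Node, so the DOM assignment is only shown in a comment.

```javascript
// Added example: escape user-supplied text for a div, or keep a small
// whitelist of styling tags and show every other tag literally.

// Characters that must never reach the HTML parser unescaped. Quotes are
// included so the same function is safe inside attribute values too.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a string so it renders as literal text; this is the "replace & and <"
// step from the second answer, done with String#replace and a lookup table.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, ch => ENTITIES[ch]);
}

// Assumed whitelist of tags kept for styling (my choice, not from the page).
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'u', 'br']);
// Tags that never get a closing counterpart.
const VOID_TAGS = new Set(['br']);

// Keep whitelisted tags that carry no attributes at all; escape everything
// else. A tag with attributes (e.g. <b onmouseover="...">) does not match the
// tag pattern, so it falls into the text between matches and is escaped whole.
// Unclosed allowed tags are closed at the end so they cannot style the rest of
// the page; stray closing tags are shown literally.
function filterTags(input) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\s*>/g;
  const open = [];          // stack of currently open allowed tags
  let out = '';
  let last = 0;
  let m;
  while ((m = tagRe.exec(input)) !== null) {
    out += escapeHtml(input.slice(last, m.index));
    last = tagRe.lastIndex;
    const isClosing = m[1] === '/';
    const name = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(name)) {
      out += escapeHtml(m[0]);             // unknown tag: print it literally
    } else if (VOID_TAGS.has(name)) {
      out += isClosing ? escapeHtml(m[0]) : `<${name}>`;
    } else if (!isClosing) {
      open.push(name);
      out += `<${name}>`;
    } else if (open.includes(name)) {
      let n;                               // close any tags nested inside it
      do { n = open.pop(); out += `</${n}>`; } while (n !== name);
    } else {
      out += escapeHtml(m[0]);             // closing tag that was never opened
    }
  }
  out += escapeHtml(input.slice(last));
  while (open.length) out += `</${open.pop()}>`;
  return out;
}

// Constructed sample inputs showing both behaviours.
const samples = [
  '<b>bold</b> & <script>alert(1)</script>',
  '<b onmouseover="alert(1)">x</b>',
  '<b><i>unclosed',
];
for (const s of samples) {
  console.log(escapeHtml(s));
  console.log(filterTags(s));
}
// In the browser: div.innerHTML = filterTags(userString);
// and, when no styling is wanted at all, simply div.textContent = userString;
```

`textContent` is the direct answer to "display the inner text": the browser never parses the string as markup, so no escaping is needed. `filterTags` is the whitelist approach from the first answer in its simplest form; it deliberately refuses attributes because that is where event handlers and `javascript:` URLs hide. For anything beyond a handful of attribute-free tags, use a parser-based sanitizer such as the one linked above rather than extending the regular expression.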