Preventing HTML and Script injections in JavaScript
Assume I have a page with an input box. The user types something into the input box and hits a button. The button triggers a function that picks up the value typed into the text box and outputs it onto the page beneath the text box for whatever reason.

Now this has been disturbingly difficult to find a definitive answer on, or I wouldn't be asking, but how would you go about outputting this string:

    <script>alert("hello")</script> <h1> Hello World </h1>

So that neither the script is executed nor the HTML element is displayed?

What I'm really asking here is if there is a standard method of
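
The case in the question above, as an added example that is not part of the original post: in the browser, assigning the value to `textContent` shows it as literal text, and `escapeHtml` covers the case where markup is assembled as a string. The function names and the `echo` class are assumptions made for illustration.

```javascript
// Added example: display untrusted input as literal text, never as markup.

// Characters that are significant in HTML text and quoted attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Single-pass replacement, so an already-encoded "&lt;" becomes "&amp;lt;"
// and is displayed as the literal characters the user typed.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Preferred in the browser: textContent creates a text node, so the parser
// never sees the input and no script or element is created from it.
function showAsText(element, userInput) {
  element.textContent = userInput;
  return element;
}

// For code that must build an HTML string (templates, server rendering).
// Valid only for element content and quoted attribute values; it is not
// sufficient inside <script>, <style>, URLs or unquoted attributes.
function renderEcho(userInput) {
  return '<p class="echo">' + escapeHtml(userInput) + "</p>";
}

// The string from the question.
const sample = '<script>alert("hello")</script> <h1> Hello World </h1>';

// Browser usage (hypothetical element ids):
//   const out = document.getElementById("output");
//   showAsText(out, document.getElementById("input").value);
console.log(renderEcho(sample));
```
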