Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I change the text of a span element using JavaScript?

Tags:

javascript

html

If I have a span, say:

<span id="myspan"> hereismytext </span>

How do I use JavaScript to change "hereismytext" to "newtext"?

like image 915
user105033 Avatar asked Aug 31 '09 18:08

user105033

People also ask

How do you update the text within an element using JavaScript?

Use the textContent property to change the text of a div element, e.g. div. textContent = 'Replacement text' . The textContent property will set the text of the div to the provided string, replacing any of the existing content.

How do you change the text of an element?

Use the textContent property to change the text of an element, e.g. element. textContent = 'New text' . The textContent property will set the text of the element to the provided string, replacing any of the existing content.

How do you style a span tag in HTML?

The <span> tag is easily styled by CSS or manipulated with JavaScript using the class or id attribute. The <span> tag is much like the <div> element, but <div> is a block-level element and <span> is an inline element.

Can you use span in JavaScript?

You can use the HTML span tag as a container to group inline elements together so you can style or manipulate them with JavaScript.

2 Answers

For modern browsers you should use:

document.getElementById("myspan").textContent="newtext";

While older browsers may not know textContent, it is not recommended to use innerHTML as it introduces an XSS vulnerability when the new text is user input (see other answers below for a more detailed discussion):

//POSSIBLY INSECURE IF NEWTEXT BECOMES A VARIABLE!! document.getElementById("myspan").innerHTML="newtext";
like image 81
Gregoire Avatar answered Sep 21 '22 23:09

Gregoire

Using innerHTML is SO NOT RECOMMENDED. Instead, you should create a textNode. This way, you are "binding" your text and you are not, at least in this case, vulnerable to an XSS attack.

document.getElementById("myspan").innerHTML = "sometext"; //INSECURE!!

The right way:

span = document.getElementById("myspan"); txt = document.createTextNode("your cool text"); span.appendChild(txt);

For more information about this vulnerability: Cross Site Scripting (XSS) - OWASP

Edited nov 4th 2017:

Modified third line of code according to @mumush suggestion: "use appendChild(); instead".
Btw, according to @Jimbo Jonny I think everything should be treated as user input by applying Security by layers principle. That way you won't encounter any surprises.

like image 25
nicooo. Avatar answered Sep 20 '22 23:09

nicooo.
Sign in to Comment

Related questions

Map vs Object in JavaScript
Working with select using AngularJS's ng-options
Get the index of the object inside an array, matching a condition
How to display length of filtered ng-repeat data
JavaScript property access: dot notation vs. brackets?
What is the purpose of backbone.js?
How can I convert the "arguments" object to an array in JavaScript?
Execute the setInterval function without delay the first time
Use basic authentication with jQuery and Ajax
Watch multiple $scope attributes
How to skip to next iteration in jQuery.each() util?
Javascript: How to generate formatted easy-to-read JSON straight from an object? [duplicate]
Open URL in same window and in same tab
Can I use multiple versions of jQuery on the same page?
Parsing JSON giving "unexpected token o" error [duplicate]
How can I remove a character from a string using JavaScript?
What is the difference between typeof and instanceof and when should one be used vs. the other?
Using Razor within JavaScript
Accessing the web page's HTTP Headers in JavaScript
Handle file download from ajax post

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!