Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to strip HTML tags with jQuery?

Tags:

jquery

I want to remove HTML tags from a string. For example assume we have the string:

 <p> example ive got a string</P> 

How can I write a function that removes the <p><p> and returns just "example ive got a string"?

like image 414
Sadda-shutu Avatar asked Oct 30 '12 13:10

Sadda-shutu


People also ask

How do I strip a tag in HTML?

The strip_tags() function strips a string from HTML, XML, and PHP tags. Note: HTML comments are always stripped. This cannot be changed with the allow parameter. Note: This function is binary-safe.

How to strip HTML tags from string?

To strip out all the HTML tags from a string there are lots of procedures in JavaScript. In order to strip out tags we can use replace() function and can also use . textContent property, . innerText property from HTML DOM.

How to remove HTML tags from JavaScript?

Approach: Select the HTML element which need to remove. Use JavaScript remove() and removeChild() method to remove the element from the HTML document.

How to clear div data in jQuery?

The empty() method removes all child nodes and content from the selected elements. Note: This method does not remove the element itself, or its attributes. Tip: To remove the elements without removing data and events, use the detach() method. Tip: To remove the elements and its data and events, use the remove() method.


2 Answers

Use the .text() function:

var text = $("<p> example ive got a string</P>").text(); 

Update: As Brilliand points out below, if the input string does not contain any tags and you are unlucky enough, it might be treated as a CSS selector. So this version is more robust:

var text = $("<div/>").html("<p> example ive got a string</P>").text(); 
like image 108
Jon Avatar answered Sep 21 '22 00:09

Jon


The safest way is to rely on the browser TextNode to correctly escape content. Here's an example:

function encodeHTML(dirtyString) {   var container = document.createElement('div');   var text = document.createTextNode(dirtyString);   container.appendChild(text);   return container.innerHTML; // innerHTML will be a xss safe string }  document.write( encodeHTML('<p>some <span>content</span></p>') ); document.write( encodeHTML('<script><p>some <span>content</span></p>') );

The thing to remember here is that the browser escape the special characters of TextNodes when we access the html strings (innerHTML, outerHTML). By comparison, accessing text values (innerText, textContent) will yield raw strings, meaning they're unsafe and could contains XSS.

If you use jQuery, then using .text() is safe and backward compatible. See the other answers to this question.

The simplest way in pure JavaScript if you work with browsers <= Internet Explorer 8 is:

string.replace(/(<([^>]+)>)/ig,""); 

But there's some issue with parsing HTML with regex so this won't provide very good security. Also, this only takes care of HTML characters, so it is not totally xss-safe.

like image 43
Simon Boudrias Avatar answered Sep 21 '22 00:09

Simon Boudrias