meomike2000 Posted August 15, 2009 Share Posted August 15, 2009 on a page that i am working on i use js to create all the elements and then append the information that is retrieved via php from the database.... how can i defang the html that may get entered by a user..... if the information was displayed with via php i would use something like print htmlentities($users value here); and it would make the html that a user may enter not work.... how can i do the same thing in js...... so that if a user enters something like value <br> value it would get displayed as : value <br> value, and not as, value value any help would be great mike...... Quote Link to comment Share on other sites More sharing options...
dmcdivitt Posted August 15, 2009 Share Posted August 15, 2009 try: var s = whatever; s = s.replace('<','<').replace('>','>').replace('&','&'); Quote Link to comment Share on other sites More sharing options...
meomike2000 Posted August 15, 2009 Author Share Posted August 15, 2009 ok i will try that, thanks Quote Link to comment Share on other sites More sharing options...
meomike2000 Posted August 15, 2009 Author Share Posted August 15, 2009 well this worked but did not give the affect that i was looking for..... var s = whatever; s = s.replace('<','<').replace('>','>').replace('&','&'); so i added another line like this and for some reason it works and kills the html tags in fire fox and ie. var s = whatever; s = s.replace('<','<').replace('>','>').replace('&','&'); s = s.replace('<','<').replace('>','>').replace('&','&'); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.