1

I am trying to create a pattern to prevent user inputs from HTML mark up. I created this patten

var htmlTagRegex = /^<+[a-z]+>/;

which only works when the input starts with html tag for example:

<br /> Test
<p> Test
<div> Test

but in case of having an input like below

Test <br /> 
Test <p> 
Test <div>

the pattern not working (probably because of /^). How can I write the pattern to consider any html tag contains?

Improve this question
4
  • yep... I'll suggest OP play with regex101.com Commented Nov 20, 2014 at 5:16
  • Hi dandavis, thanks for reply I want to detect them Commented Nov 20, 2014 at 5:17
  • then just look for an angle bracket: /</ Commented Nov 20, 2014 at 5:17
  • 1
    watch out for escaped entries as well: owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet Commented Nov 20, 2014 at 5:31

3 Answers 3

Reset to default
1 
^(?=.*(?:<[^>]+>)).*$

You can use this to detect html markers.See demo.

http://regex101.com/r/lZ5mN8/43

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

if i want to be nit-pickey, "5 < 7 || 4 > 2" still matches, as do HTML comments... but yeah, namespaced custom elements work, so this ain't bad, and likely plenty.
@dandavis, is there any way to exclude numbers from pattern?
well I update you code as ^(?=.*(?:<[^\d>]+>)).*$ and now if you put <div id="3"> it passes as can not find any match! can you please test this?
same! still passing them trough!
Thats exactly what I am saying! there is no match with html while <div id="3"> is absolutely HTML!
|
0

now my question is can you please let me know how to power the pattern to consider any html tag contains?

<\w+\b[^<>]*>

For matching custom tags,

<[^<>]+>

To match the whole line which contains the tag. You don't need to go for lookaround assertions.

^.*?<[^<>]+>.*$

DEMO

Improve this answer

3 Comments

could you provide an example?
that doesn't match <custom-tags>
is html contains custom tags?
0

Just for your information

In jQuery, If you want extract text alone without html markup , then you can use pattern like this

$("<div/>").html("#elementId").text()
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.