2

I have an input that works like a chat box. (The user types something in the input and it outputs on the page). I just noticed that the user can also use html tags in my input box to change the output.

Example: If I typed <b>Hello</b>, the output text would be bolded and so on...

I don't want to disable this function completly. But there are some tags that I don't want outputted (example h1 or h2...). I think that's it's possible with regex (not sure how too proceed with that though), but I feel like there may be a easier solution, if not, just throw in whatever works.

The code below is what gets my input box to work:

$('form').on('submit', function(e){
    e.preventDefault();
    checkValue();
});

function checkValue() {
    var message = document.getElementById("userinput").value;
    $('#output').html(message);
}

Thanks.

Improve this question
1

2 Answers 2

Reset to default
1

See if that fits your needs:

var message = $('<div/>', {
    html: document.getElementById("userinput").value
}).find(':header').remove().end().html();

Or you could use e.g replaceWith(function(){return '<h>'+this.innerHTML+'</h>';}) instead of remove().

DEMO jsFiddle

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

You need to still be able to have tags like <b> take effect on the writing? is that possible?
@minseong That's already the case in posted jsFiddle: jsfiddle.net/5AVLd or i don't understand what you mean by "take effect on the writing"?
Sorry, I missed that. Have upvoted your answer, it is the better one.
May I suggest these very slight changes to your jsFiddle: jsfiddle.net/theonlygusti/WfDqM/1, basically just including the h1 as text rather than an element.
@WalkOfLife fixed jsFiddle, you need to use any relevant method for checking: jsfiddle.net/5AVLd/2
|
1

You need to add another part to your checkValue function:

function checkValue() {
    var text = document.getElementById("userinput").value;
    var message = text.replace(/<h1>/g,"&#60;h1&#62;");
    $('#output').html(message);
}

See how I have replaced all h1 elements with escaped characters and the text (h1).

This should work and you can repeat it again and again to get rid of everything you don't want, e.g.

function checkValue() {
    var text = document.getElementById("userinput").value;
    var check = text.replace(/<h1>/g,"&#60;h1&#62;");
    var check2 = check.replace(/<h2>/g,"&#60;h2&#62;");
    var message = check2.replace(/<table>/g,"&#60;table&#62;")
    $('#output').html(message);
}

There is more on the replace function here: http://www.w3schools.com/jsref/jsref_replace.asp

Here is a different way that I found on this site:

How can I strip certain html tags out of a string?

Improve this answer

3 Comments

you'll replace only first occurence here, you should pass a regex as parameter, not string. BTW, this won't replace e.g <h1 style="..."> nor </h1>, etc...
Thankyou for pointing that out (first occurence), have updated my answer to fix that but will continue to work on it to solve the other problems.
You shouldn't use regex to try to parse HTML, see: stackoverflow.com/a/590789/1414562

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.