function SanitizeInput(input) {
  // Escape the two characters that can open or close a tag.
  input = input.replace(/</g, "&lt;");
  input = input.replace(/>/g, "&gt;");
  return input;
}
document.write(SanitizeInput("Test!<marquee>bibble</marquee>"));
If you pop this into jsfiddle.net the result is Test!<marquee>bibble</marquee without the trailing >.
Can anyone explain what I’m doing wrong?
Edit: Replacing it with ( and ) seems to work perfectly
You’re not doing anything wrong. The function you use does replace all your < with &lt; and > with &gt;. Just that document.write adds the sanitized text to the HTML document and the entities get converted back to < and >. Just try alert instead of document.write.

If you really want to have &lt; visible in your page you should “double-sanitize” the text.

On a side note you could chain replace calls, like this:
Hope you find this useful,
Alin