Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
The insertion looks like this:
a_span.innerHTML() = input.value
To prevent any kind of attacks in PHP I use htmlspecialchars. Should I use this
for protection or native escape is enough?
First off, I’m assuming you intended to write
a_span.innerHTML = input.value, since innerHTML isn’t a function.Secondly, you should use document.createTextNode() instead of innerHTML if you’re worried about your text being interpreted as HTML entities. Something like
a_span.innerHTML="";a_span.appendChild(document.createTextNode(input.value));should work okay.