HTML-encoding lost when attribute read from input field

by

EDIT: This answer was posted a long ago, and the htmlDecode function introduced a XSS vulnerability. It has been modified changing the temporary element from a div to a textarea reducing the XSS chance. But nowadays, I would encourage you to use the DOMParser API as suggested in other anwswer.

I use these functions:

function htmlEncode(value){
  // Create a in-memory element, set its inner text (which is automatically encoded)
  // Then grab the encoded contents back out. The element never exists on the DOM.
  return $('<textarea/>').text(value).html();
}

function htmlDecode(value){
  return $('<textarea/>').html(value).text();
}

Basically a textarea element is created in memory, but it is never appended to the document.

On the htmlEncode function I set the innerText of the element, and retrieve the encoded innerHTML; on the htmlDecode function I set the innerHTML value of the element and the innerText is retrieved.

Check a running example here.

More Related Contents:

  1. When we using alert vs popup div tag? [closed]
  2. Dynamically adding div on button click and changing Id of each?
  3. How to make page loaders/animations/transitions
  4. Get specific text from html tag jquery [duplicate]
  5. jQuery Set Cursor Position in Text Area
  6. How to detect DIV’s dimension changed?
  7. Make header and footer files to be included in multiple html pages
  8. Unescape HTML entities in JavaScript?
  9. How do I link a JavaScript file to a HTML file?
  10. Force a browser to save file as after clicking link [duplicate]
  11. How to check “checkbox” dynamically – jQuery Mobile
  12. Integrating Dropzone.js into existing HTML form with other fields
  13. Dropdown select with images
  14. How to find a parent with a known class in jQuery?
  15. Generic way to detect if html form is edited
  16. Is there a way to create out of DOM elements in Web Worker?
  17. Avoid window jump to top when clicking #-links
  18. how to move a div with arrow keys
  19. jQuery Change event on an element – any way to retain previous value?
  20. How to build simple tabs with jQuery?
  21. Emailing to multiple recipients with html Mailto: not working
  22. Bootstrap Dropdown with Hover
  23. Is it possible to append a div inside an SVG element? [duplicate]
  24. How can I get all a form’s values that would be submitted without submitting [duplicate]
  25. Jquery click event not firing on the element created dynamically using jquery
  26. How to show hidden divs on mouseover?
  27. Using .after() to add html closing and open tags
  28. Changing “src” attribute of
  29. How to highlight a part part of an Input text field in HTML using Javascript or JQuery
  30. Test if an element can contain text

Leave a Comment