What’s the right way to decode a string that has special HTML entities in it? [duplicate]
This is my favourite way of decoding HTML characters. The advantage of using this code is that tags are also preserved.

    function decodeHtml(html) {
        // A <textarea> parses its content as text: entities are decoded,
        // but tags are kept as characters and never become elements.
        var txt = document.createElement("textarea");
        txt.innerHTML = html;
        return txt.value;
    }

Example: http://jsfiddle.net/k65s3/

Input:

    Entity: Bad attempt at XSS:<script>alert('new\nline?')</script><br>

Output:

    Entity: Bad attempt at XSS:<script>alert('new\nline?')</script><br>
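Added example, not part of the answer above: a DOM-free decoder for environments without `document` (such as Node), covering a small constructed subset of named entities plus numeric references. The names `NAMED`, `decodeEntities`, `escapeHtml` and the sample string are assumptions of this example; it shows that decoding happens exactly once and that the decoded text contains real markup characters, so it has to be escaped again before it is written back into HTML.

```javascript
// Constructed subset of named entities; the full HTML table is much larger.
const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'", nbsp: "\u00A0" };

// Decode named, decimal and hexadecimal character references in one pass.
// One pass matters: "&amp;lt;" must become "&lt;", not "<".
function decodeEntities(text) {
  const pattern = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);/g;
  return text.replace(pattern, (match, body) => {
    if (body[0] !== "#") {
      // Unknown names are left untouched rather than guessed at.
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
    }
    const isHex = body[1] === "x" || body[1] === "X";
    const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // NUL, surrogates and out-of-range values map to U+FFFD, as in HTML parsing.
    if (code === 0 || code > 0x10ffff || (code >= 0xd800 && code <= 0xdfff)) {
      return "\uFFFD";
    }
    return String.fromCodePoint(code);
  });
}

// Escape text for an HTML text or quoted-attribute context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample input, modelled on the answer's test string.
const sample =
  "Entity:&nbsp;Bad attempt at XSS:&lt;script&gt;alert('x')&lt;/script&gt;&#x3C;br&#62;";

const decoded = decodeEntities(sample); // now contains literal <script> and <br>
const safeForHtml = escapeHtml(decoded); // markup characters neutralised again

console.log(JSON.stringify(decoded));
console.log(safeForHtml);
```

Treat the decoded string as untrusted text: assign it through `textContent` or pass it through an escaper, never through `innerHTML` of a normal element.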