How to strip HTML tags from string in JavaScript

Question

How can I strip the HTML from a string in JavaScript

User · Answer

I know this question has an accepted answer, but I feel that it doesn't work in all cases.

For completeness and since I spent too much time on this, here is what we did: we ended up using a function from php.js (which is a pretty nice library for those more familiar with PHP but also doing a little JavaScript every now and then):

http://phpjs.org/functions/strip_tags:535

It seemed to be the only piece of JavaScript code which successfully dealt with all the different kinds of input I stuffed into my application. That is, without breaking it – see my comments about the <script /> tag above.

User · Answer

var html     lt p gt Hello   lt b gt World lt  b gt    var div   document createElement  div    div innerHTML   html  alert div innerText      Hello  World   That pretty much the best way of doing it  you re letting the browser do what it does best -- parse HTML     Edit  As noted in the comments below  this is not the most cross-browser solution  The most cross-browser solution would be to recursively go through all the children of the element and concatenate all text nodes that you find  However  if you re using jQuery  it already does it for you   alert     lt p gt Hello   lt b gt World lt  b gt  lt  p gt    text       Check out the text method

User · Answer

Using the browser s parser is the probably the best bet in current browsers  The following will work  with the following caveats    Your HTML is valid within a  lt div gt  element  HTML contained within  lt body gt  or  lt html gt  or  lt head gt  tags is not valid within a  lt div gt  and may therefore not be parsed correctly  textContent  the DOM standard property  and innerText  non-standard  properties are not identical  For example  textContent will include text within a  lt script gt  element while innerText will not  in most browsers   This only affects IE  lt  8  which is the only major browser not to support textContent  The HTML does not contain  lt script gt  elements  The HTML is not null The HTML comes from a trusted source  Using this with arbitrary HTML allows arbitrary untrusted JavaScript to be executed  This example is from a comment by Mike Samuel on the duplicate question   lt img onerror  alert   could run arbitrary JS here     src bogus gt    Code   var html     lt p gt Some HTML lt  p gt    var div   document createElement  div    div innerHTML   html  var text   div textContent    div innerText

User · Answer

cleanText   strInputCode replace   lt       gt     gt     g   quot  quot     Distilled from this website  web achive   This regex looks for  lt   an optional slash    one or more characters that are not  gt   then either  gt  or    the end of the line  Examples    lt div gt Hello lt  div gt      gt   Hello                     Unterminated Tag  lt b     gt   Unterminated Tag                         But it is not bulletproof   If you are  lt  13 you cannot register     gt   If you are                                          lt div data  quot score  gt  42 quot  gt Hello lt  div gt      gt    42 quot  gt Hello                                       If someone is trying to break your application  this regex will not protect you  It should only be used if you already know the format of your input  As other knowledgable and mostly sane people have pointed out  to safely strip tags  you must use a parser  If you do not have acccess to a convenient parser like the DOM  and you cannot trust your input to be in the right format  you may be better off using a package like sanitize-html  and also other sanitizers are available

[javascript] How to strip HTML tags from string in JavaScript?

Examples related to javascript

Examples related to html-parsing