Javascript to remove SCRIPT tags from a string + inner content:
output = yourString.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,". ");Javascript to remove STYLE tags from a string + inner content:
output = yourString.replace(/<style\b[^<]*(?:(?!<\/style>)<[^<]*)*<\/style>/gi,". ");Javascript to remove ALL HTML TAGS, beginning and end:
output = output.replace(/(<([^>]+)>)/ig,"");Note: This is not a reliable for parsing code and expecting the resulting code to be safer. Nefarious contributors can still inject code by doing something like this:
<scri<script>MY FAKE SCRIPT HERE</script>pt>MY EVIL SCRIPT HERE</script>
The FAKE SCRIPT would be removed, but the EVIL SCRIPT would remain. Running the same replace function multiple times might do the trick, might not.
No comments :
Post a Comment