Escaping HTML strings with jQuery

javascript jquery string escaping
Page picture Page · Aug 24, 2008 · Viewed 679.2k times · Source

Does anyone know of an easy way to escape HTML from strings in jQuery? I need to be able to pass an arbitrary string and have it properly escaped for display in an HTML page (preventing JavaScript/HTML injection attacks). I'm sure it's possible to extend jQuery to do this, but I don't know enough about the framework at the moment to accomplish this.

Answer

Tom Gruner picture Tom Gruner · Aug 20, 2012

There is also the solution from mustache.js

var entityMap = {
  '&': '&',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '/': '&#x2F;',
  '`': '&#x60;',
  '=': '&#x3D;'
};

function escapeHtml (string) {
  return String(string).replace(/[&<>"'`=\/]/g, function (s) {
    return entityMap[s];
  });
}

Related questions

How do I check if string contains substring?

I have a shopping cart that displays product options in a dropdown menu and if they select "yes", I want to make some other fields on the page visible. The problem is that the shopping cart also includes the price …

Read More
How to find if an array contains a specific string in JavaScript/jQuery?

Can someone tell me how to detect if "specialword" appears in an array? Example: categories: [ "specialword" "word1" "word2" ]

Read More
How can I process each letter of text using Javascript?

I would like to alert each individual letter of a string, but I am unsure how to do this. So, if I have: var str = 'This is my string'; I would like to be able to separately alert T, h, …

Read More