I'm writing a Chrome extension that involves doing a lot of the following job: sanitizing strings that might contain HTML tags, by converting <
, >
and &
to <
, >
and &
, respectively.
(In other words, the same as PHP's htmlspecialchars(str, ENT_NOQUOTES)
– I don't think there's any real need to convert double-quote characters.)
This is the fastest function I have found so far:
function safe_tags(str) {
return str.replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>') ;
}
But there's still a big lag when I have to run a few thousand strings through it in one go.
Can anyone improve on this? It's mostly for strings between 10 and 150 characters, if that makes a difference.
(One idea I had was not to bother encoding the greater-than sign – would there be any real danger with that?)
Here's one way you can do this:
var escape = document.createElement('textarea');
function escapeHTML(html) {
escape.textContent = html;
return escape.innerHTML;
}
function unescapeHTML(html) {
escape.innerHTML = html;
return escape.textContent;
}