I have an input that works like a chat box. (The user types something in the input and it outputs on the page). I just noticed that the user can also use html tags in my input box to change the output.
Example: If I typed <b>Hello</b>, the output text would be bolded and so on...
I don't want to disable this function completely. But there are some tags that I don't want outputted (example h1 or h2...). I think that it's possible with regex (not sure how to proceed with that though), but I feel like there may be an easier solution, if not, just throw in whatever works.
The code below is what gets my input box to work:
    $('form').on('submit', function(e){
        e.preventDefault();
        checkValue();
    });

    function checkValue() {
        var message = document.getElementById("userinput").value;
        $('#output').html(message);
    }
Thanks.
You need to add another part to your checkValue function:
See how I have replaced all h1 elements with escaped characters and the text (h1).
This should work and you can repeat it again and again to get rid of everything you don't want, e.g.
There is more on the replace function here: http://www.w3schools.com/jsref/jsref_replace.asp
Here is a different way that I found on this site:
How can I strip certain html tags out of a string?
See if that fits your needs:
Or you could use e.g
replaceWith(function(){return '<h>'+this.innerHTML+'</h>';})
instead of remove().
DEMO jsFiddle
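An allowlist alternative to removing unwanted tags one at a time, as an added example that is not part of the original posts: it escapes the whole message first and then re-enables only a few bare formatting tags, so h1, h2 and any tag carrying attributes are shown as plain text. The names ALLOWED_TAGS, escapeHtml and sanitizeMessage and the choice of allowed tags are assumptions made for this illustration.

```javascript
// Added example (not from the original posts): allowlist filter for chat input.
// ALLOWED_TAGS, escapeHtml and sanitizeMessage are hypothetical names.
const ALLOWED_TAGS = new Set(['b', 'i', 'u', 'em', 'strong']);

// Escape every character that has meaning in HTML, so that by default
// nothing the user typed is interpreted as markup.
function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Turn escaped tags back into real tags only when the tag name is on the
// allowlist AND the tag is bare (no attributes). Anything else, such as
// <h1> or <b style="...">, stays escaped and is displayed as text.
function sanitizeMessage(message) {
  const open = []; // stack of allowlisted tags currently open
  const body = escapeHtml(message).replace(
    /&lt;(\/?)([a-zA-Z][a-zA-Z0-9]*)&gt;/g,
    (match, slash, name) => {
      const tag = name.toLowerCase();
      if (!ALLOWED_TAGS.has(tag)) return match;
      if (!slash) {
        open.push(tag);
        return `<${tag}>`;
      }
      // Emit a closing tag only if it closes the innermost open tag.
      if (open[open.length - 1] === tag) {
        open.pop();
        return `</${tag}>`;
      }
      return match; // stray closer stays visible as text
    }
  );
  // Close whatever the user left open so formatting cannot leak past the message.
  return body + open.reverse().map((t) => `</${t}>`).join('');
}
```

In the question's checkValue function the call would become $('#output').html(sanitizeMessage(message)).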