0
How to prevent HTML injection stored
Consider we have one input box If I given the input as <h1> coder</h1> The it show as it is... But here it should show like coder alone... How can we resolve thise
1 Answer
+ 1
Check the following example,
let i="<h1>Hello</h1>;<p>bye</p>";
const val=i.matchAll(/<.*?>(.*?)<.*?>/g);
for(j of val){
console.log(j[1])
}
If the input is something like i , then it will output only the values between those tags(hopefully!).
expression between /.../ is a regex . () captures the value between tags.