Javascript: Convert chars like ' to UTF8 [duplicate] - javascript
This question already has answers here:
Unescape HTML entities in JavaScript?
(33 answers)
Closed 5 years ago.
How do I encode and decode HTML entities using JavaScript or JQuery?
var varTitle = "Chris' corner";
I want it to be:
var varTitle = "Chris' corner";
I recommend against using the jQuery code that was accepted as the answer. While it does not insert the string to decode into the page, it does cause things such as scripts and HTML elements to get created. This is way more code than we need. Instead, I suggest using a safer, more optimized function.
var decodeEntities = (function() {
// this prevents any overhead from creating the object each time
var element = document.createElement('div');
function decodeHTMLEntities (str) {
if(str && typeof str === 'string') {
// strip script/html tags
str = str.replace(/<script[^>]*>([\S\s]*?)<\/script>/gmi, '');
str = str.replace(/<\/?\w(?:[^"'>]|"[^"]*"|'[^']*')*>/gmi, '');
element.innerHTML = str;
str = element.textContent;
element.textContent = '';
}
return str;
}
return decodeHTMLEntities;
})();
http://jsfiddle.net/LYteC/4/
To use this function, just call decodeEntities("&") and it will use the same underlying techniques as the jQuery version will—but without jQuery's overhead, and after sanitizing the HTML tags in the input. See Mike Samuel's comment on the accepted answer for how to filter out HTML tags.
This function can be easily used as a jQuery plugin by adding the following line in your project.
jQuery.decodeEntities = decodeEntities;
You could try something like:
var Title = $('<textarea />').html("Chris' corner").text();
console.log(Title);
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
JS Fiddle.
A more interactive version:
$('form').submit(function() {
var theString = $('#string').val();
var varTitle = $('<textarea />').html(theString).text();
$('#output').text(varTitle);
return false;
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<form action="#" method="post">
<fieldset>
<label for="string">Enter a html-encoded string to decode</label>
<input type="text" name="string" id="string" />
</fieldset>
<fieldset>
<input type="submit" value="decode" />
</fieldset>
</form>
<div id="output"></div>
JS Fiddle.
Like Robert K said, don't use jQuery.html().text() to decode html entities as it's unsafe because user input should never have access to the DOM. Read about XSS for why this is unsafe.
Instead try the Underscore.js utility-belt library which comes with escape and unescape methods:
_.escape(string)
Escapes a string for insertion into HTML, replacing &, <, >, ", `, and ' characters.
_.escape('Curly, Larry & Moe');
=> "Curly, Larry & Moe"
_.unescape(string)
The opposite of escape, replaces &, <, >, ", ` and ' with their unescaped counterparts.
_.unescape('Curly, Larry & Moe');
=> "Curly, Larry & Moe"
To support decoding more characters, just copy the Underscore unescape method and add more characters to the map.
Original author answer here.
This is my favourite way of decoding HTML characters. The advantage of using this code is that tags are also preserved.
function decodeHtml(html) {
var txt = document.createElement("textarea");
txt.innerHTML = html;
return txt.value;
}
Example: http://jsfiddle.net/k65s3/
Input:
Entity: Bad attempt at XSS:<script>alert('new\nline?')</script><br>
Output:
Entity: Bad attempt at XSS:<script>alert('new\nline?')</script><br>
Here's a quick method that doesn't require creating a div, and decodes the "most common" HTML escaped chars:
function decodeHTMLEntities(text) {
var entities = [
['amp', '&'],
['apos', '\''],
['#x27', '\''],
['#x2F', '/'],
['#39', '\''],
['#47', '/'],
['lt', '<'],
['gt', '>'],
['nbsp', ' '],
['quot', '"']
];
for (var i = 0, max = entities.length; i < max; ++i)
text = text.replace(new RegExp('&'+entities[i][0]+';', 'g'), entities[i][1]);
return text;
}
here is another version:
function convertHTMLEntity(text){
const span = document.createElement('span');
return text
.replace(/&[#A-Za-z0-9]+;/gi, (entity,position,text)=> {
span.innerHTML = entity;
return span.innerText;
});
}
console.log(convertHTMLEntity('Large < £ 500'));
Inspired by Robert K's solution, this version does not strip HTML tags, and is just as secure.
var decode_entities = (function() {
// Remove HTML Entities
var element = document.createElement('div');
function decode_HTML_entities (str) {
if(str && typeof str === 'string') {
// Escape HTML before decoding for HTML Entities
str = escape(str).replace(/%26/g,'&').replace(/%23/g,'#').replace(/%3B/g,';');
element.innerHTML = str;
if(element.innerText){
str = element.innerText;
element.innerText = '';
}else{
// Firefox support
str = element.textContent;
element.textContent = '';
}
}
return unescape(str);
}
return decode_HTML_entities;
})();
jQuery provides a way to encode and decode html entities.
If you use a "<div/>" tag, it will strip out all the html.
function htmlDecode(value) {
return $("<div/>").html(value).text();
}
function htmlEncode(value) {
return $('<div/>').text(value).html();
}
If you use a "<textarea/>" tag, it will preserve the html tags.
function htmlDecode(value) {
return $("<textarea/>").html(value).text();
}
function htmlEncode(value) {
return $('<textarea/>').text(value).html();
}
To add yet another "inspired by Robert K" to the list, here is another safe version which does not strip HTML tags. Instead of running the whole string through the HTML parser, it pulls out only the entities and converts those.
var decodeEntities = (function() {
// this prevents any overhead from creating the object each time
var element = document.createElement('div');
// regular expression matching HTML entities
var entity = /&(?:#x[a-f0-9]+|#[0-9]+|[a-z0-9]+);?/ig;
return function decodeHTMLEntities(str) {
// find and replace all the html entities
str = str.replace(entity, function(m) {
element.innerHTML = m;
return element.textContent;
});
// reset the value
element.textContent = '';
return str;
}
})();
Inspired by Robert K's solution, strips html tags and prevents executing scripts and eventhandlers like: <img src=fake onerror="prompt(1)">
Tested on latest Chrome, FF, IE (should work from IE9, but haven't tested).
var decodeEntities = (function () {
//create a new html document (doesn't execute script tags in child elements)
var doc = document.implementation.createHTMLDocument("");
var element = doc.createElement('div');
function getText(str) {
element.innerHTML = str;
str = element.textContent;
element.textContent = '';
return str;
}
function decodeHTMLEntities(str) {
if (str && typeof str === 'string') {
var x = getText(str);
while (str !== x) {
str = x;
x = getText(x);
}
return x;
}
}
return decodeHTMLEntities;
})();
Simply call:
decodeEntities('<img src=fake onerror="prompt(1)">');
decodeEntities("<script>alert('aaa!')</script>");
Here is a full version
function htmldecode(s){
window.HTML_ESC_MAP = {
"nbsp":" ","iexcl":"¡","cent":"¢","pound":"£","curren":"¤","yen":"¥","brvbar":"¦","sect":"§","uml":"¨","copy":"©","ordf":"ª","laquo":"«","not":"¬","reg":"®","macr":"¯","deg":"°","plusmn":"±","sup2":"²","sup3":"³","acute":"´","micro":"µ","para":"¶","middot":"·","cedil":"¸","sup1":"¹","ordm":"º","raquo":"»","frac14":"¼","frac12":"½","frac34":"¾","iquest":"¿","Agrave":"À","Aacute":"Á","Acirc":"Â","Atilde":"Ã","Auml":"Ä","Aring":"Å","AElig":"Æ","Ccedil":"Ç","Egrave":"È","Eacute":"É","Ecirc":"Ê","Euml":"Ë","Igrave":"Ì","Iacute":"Í","Icirc":"Î","Iuml":"Ï","ETH":"Ð","Ntilde":"Ñ","Ograve":"Ò","Oacute":"Ó","Ocirc":"Ô","Otilde":"Õ","Ouml":"Ö","times":"×","Oslash":"Ø","Ugrave":"Ù","Uacute":"Ú","Ucirc":"Û","Uuml":"Ü","Yacute":"Ý","THORN":"Þ","szlig":"ß","agrave":"à","aacute":"á","acirc":"â","atilde":"ã","auml":"ä","aring":"å","aelig":"æ","ccedil":"ç","egrave":"è","eacute":"é","ecirc":"ê","euml":"ë","igrave":"ì","iacute":"í","icirc":"î","iuml":"ï","eth":"ð","ntilde":"ñ","ograve":"ò","oacute":"ó","ocirc":"ô","otilde":"õ","ouml":"ö","divide":"÷","oslash":"ø","ugrave":"ù","uacute":"ú","ucirc":"û","uuml":"ü","yacute":"ý","thorn":"þ","yuml":"ÿ","fnof":"ƒ","Alpha":"Α","Beta":"Β","Gamma":"Γ","Delta":"Δ","Epsilon":"Ε","Zeta":"Ζ","Eta":"Η","Theta":"Θ","Iota":"Ι","Kappa":"Κ","Lambda":"Λ","Mu":"Μ","Nu":"Ν","Xi":"Ξ","Omicron":"Ο","Pi":"Π","Rho":"Ρ","Sigma":"Σ","Tau":"Τ","Upsilon":"Υ","Phi":"Φ","Chi":"Χ","Psi":"Ψ","Omega":"Ω","alpha":"α","beta":"β","gamma":"γ","delta":"δ","epsilon":"ε","zeta":"ζ","eta":"η","theta":"θ","iota":"ι","kappa":"κ","lambda":"λ","mu":"μ","nu":"ν","xi":"ξ","omicron":"ο","pi":"π","rho":"ρ","sigmaf":"ς","sigma":"σ","tau":"τ","upsilon":"υ","phi":"φ","chi":"χ","psi":"ψ","omega":"ω","thetasym":"ϑ","upsih":"ϒ","piv":"ϖ","bull":"•","hellip":"…","prime":"′","Prime":"″","oline":"‾","frasl":"⁄","weierp":"℘","image":"ℑ","real":"ℜ","trade":"™","alefsym":"ℵ","larr":"←","uarr":"↑","rarr":"→","darr":"↓","harr":"↔","crarr":"↵","lArr":"⇐","uArr":"⇑","rArr":"⇒","dArr":"⇓","hArr":"⇔","forall":"∀","part":"∂","exist":"∃","empty":"∅","nabla":"∇","isin":"∈","notin":"∉","ni":"∋","prod":"∏","sum":"∑","minus":"−","lowast":"∗","radic":"√","prop":"∝","infin":"∞","ang":"∠","and":"∧","or":"∨","cap":"∩","cup":"∪","int":"∫","there4":"∴","sim":"∼","cong":"≅","asymp":"≈","ne":"≠","equiv":"≡","le":"≤","ge":"≥","sub":"⊂","sup":"⊃","nsub":"⊄","sube":"⊆","supe":"⊇","oplus":"⊕","otimes":"⊗","perp":"⊥","sdot":"⋅","lceil":"⌈","rceil":"⌉","lfloor":"⌊","rfloor":"⌋","lang":"〈","rang":"〉","loz":"◊","spades":"♠","clubs":"♣","hearts":"♥","diams":"♦","\"":"quot","amp":"&","lt":"<","gt":">","OElig":"Œ","oelig":"œ","Scaron":"Š","scaron":"š","Yuml":"Ÿ","circ":"ˆ","tilde":"˜","ndash":"–","mdash":"—","lsquo":"‘","rsquo":"’","sbquo":"‚","ldquo":"“","rdquo":"”","bdquo":"„","dagger":"†","Dagger":"‡","permil":"‰","lsaquo":"‹","rsaquo":"›","euro":"€"};
if(!window.HTML_ESC_MAP_EXP)
window.HTML_ESC_MAP_EXP = new RegExp("&("+Object.keys(HTML_ESC_MAP).join("|")+");","g");
return s?s.replace(window.HTML_ESC_MAP_EXP,function(x){
return HTML_ESC_MAP[x.substring(1,x.length-1)]||x;
}):s;
}
Usage
htmldecode("∑ >€");
Injecting untrusted HTML into the page is dangerous as explained in How to decode HTML entities using jQuery?.
One alternative is to use a JavaScript-only implementation of PHP's html_entity_decode (from http://phpjs.org/functions/html_entity_decode:424). The example would then be something like:
var varTitle = html_entity_decode("Chris' corner");
A more functional approach to #William Lahti's answer:
var entities = {
'amp': '&',
'apos': '\'',
'#x27': '\'',
'#x2F': '/',
'#39': '\'',
'#47': '/',
'lt': '<',
'gt': '>',
'nbsp': ' ',
'quot': '"'
}
function decodeHTMLEntities (text) {
return text.replace(/&([^;]+);/gm, function (match, entity) {
return entities[entity] || match
})
}
I know I'm a bit late to the game, but I thought I might provide the following snippet as an example of how I decode HTML entities using jQuery:
var varTitleE = "Chris' corner";
var varTitleD = $("<div/>").html(varTitleE).text();
console.log(varTitleE + " vs. " + varTitleD);
Don't forget to fire-up your inspector/firebug to see the console results -- or simply replace console.log(...) w/alert(...)
That said, here's what my console via the Google Chrome inspector read:
Chris' corner vs. Chris' corner
Because #Robert K and #mattcasey both have good code, I thought I'd contribute here with a CoffeeScript version, in case anyone in the future could use it:
String::unescape = (strict = false) ->
###
# Take escaped text, and return the unescaped version
#
# #param string str | String to be used
# #param bool strict | Stict mode will remove all HTML
#
# Test it here:
# https://jsfiddle.net/tigerhawkvok/t9pn1dn5/
#
# Code: https://gist.github.com/tigerhawkvok/285b8631ed6ebef4446d
###
# Create a dummy element
element = document.createElement("div")
decodeHTMLEntities = (str) ->
if str? and typeof str is "string"
unless strict is true
# escape HTML tags
str = escape(str).replace(/%26/g,'&').replace(/%23/g,'#').replace(/%3B/g,';')
else
str = str.replace(/<script[^>]*>([\S\s]*?)<\/script>/gmi, '')
str = str.replace(/<\/?\w(?:[^"'>]|"[^"]*"|'[^']*')*>/gmi, '')
element.innerHTML = str
if element.innerText
# Do we support innerText?
str = element.innerText
element.innerText = ""
else
# Firefox
str = element.textContent
element.textContent = ""
unescape(str)
# Remove encoded or double-encoded tags
fixHtmlEncodings = (string) ->
string = string.replace(/\&#/mg, '&#') # The rest, for double-encodings
string = string.replace(/\"/mg, '"')
string = string.replace(/\"e;/mg, '"')
string = string.replace(/\_/mg, '_')
string = string.replace(/\'/mg, "'")
string = string.replace(/\"/mg, '"')
string = string.replace(/\>/mg, '>')
string = string.replace(/\</mg, '<')
string
# Run it
tmp = fixHtmlEncodings(this)
decodeHTMLEntities(tmp)
See https://jsfiddle.net/tigerhawkvok/t9pn1dn5/7/ or https://gist.github.com/tigerhawkvok/285b8631ed6ebef4446d (includes compiled JS, and is probably updated compared to this answer)
To do it in pure javascript without jquery or predefining everything you can cycle the encoded html string through an elements innerHTML and innerText(/textContent) properties for every decode step that is required:
<html>
<head>
<title>For every decode step, cycle through innerHTML and innerText </title>
<script>
function decode(str) {
var d = document.createElement("div");
d.innerHTML = str;
return typeof d.innerText !== 'undefined' ? d.innerText : d.textContent;
}
</script>
</head>
<body>
<script>
var encodedString = "<p>name</p><p><span style=\"font-size:xx-small;\">ajde</span></p><p><em>da</em></p>";
</script>
<input type=button onclick="document.body.innerHTML=decode(encodedString)"/>
</body>
</html>
I think that is the exact opposite of the solution chosen.
var decoded = $("<div/>").text(encodedStr).html();
Try it :)
Related
How to unescape amp; in JavaScript
Say I have this string java&script, how can I convert this to java&script? In the console of Google Chrome this doesn't work var str="java&script"; var str_esc=escape(str); var str_unc = unescape(str_esc) console.log(str_esc) console.log(str_unc) but this seems to work just fine <!DOCTYPE html> <html> <body> <script> var str="java&script"; var str_esc=escape(str); document.write(str_esc + "<br>") document.write(unescape(str_esc)) </script> </body> </html> Thank you for your help
You could decode the entity with a function that drops the string into a textarea, and then pulls the value from that, like so: function htmlEntityDecode(str){ var txt = document.createElement('textarea'); txt.innerHTML = str; return txt.value; } var str = htmlEntityDecode("java&script"); console.log( str ); Or even simpler, if it really is just that one case, why not just use a simple .replace() method on it? var str = 'java&script'; str = str.replace('&', '&'); console.log( str ); But if you have more than one instance, you would need to have a global replace: var str = 'java & script and script & java'; str = str.replace(/&/g, '&'); console.log( str );
A simple solution to convert from an input string of say "java&script" to "java&script" can be achieved via the regular expression & passed to the the string#replace method: var inputStr="java&script&jj"; /* match any occourance of & in the string and replace with &. Use the gi to cause replacement to happen irrespective of case (i) and globally across all occurances of & in the string (g). */ var unescapedStr = inputStr.replace(/&/gi, '&'); console.log(unescapedStr);
Javascript Apostrophe Decoding
I have a string javascript message like this one : var message = "merci d'ajouter"; And I want this text to be converted into this one (decoding) : var result = "merci d'ajouter"; I don't want any replace method, i want a general javascript solution working for every caracter encoded. Thanks in advance
This is actually possible in native JavaScript Heep in mind that IE8 and earlier do not support textContent, so we will have to use innerText for them. function decode(string) { var div = document.createElement("div"); div.innerHTML = string; return typeof div.textContent !== 'undefined' ? div.textContent : div.innerText; } var testString = document.getElementById("test-string"); var decodeButton = document.getElementById("decode-button"); var decodedString = document.getElementById("decoded-string"); var encodedString = "merci d'ajouter"; decodeButton.addEventListener("click", function() { decodedString.innerHTML = decode(encodedString); }); <h1>Decode this html</h1> <p id="test-string"></p> <input type=button id="decode-button" value="Decode HTML"/> <p id="decoded-string"></p> An easier solution would be to use the Underscore.js library. This is a fantastic library that provides you with a lot of additional functionality. Underscore provides an _unescape(string) function The opposite of escape, replaces &, <, >, ", ` and ' with their unescaped counterparts. _.unescape('Zebras, Elephants & Penguins'); => "Zebras, Elephants & Penguins"
Remove a letter(:) from a string
I have strings like Name:, Call:, Phone:....and so on in my table. I am learning jQuery and was able to access the text. My tutorial has used trim() to remove any whitespaces. But I want o remove ":" from the end of each string (and yes, it always lies in the end after calling trim() method). So how to achieve it. Its my code: <script type="text/javascript"> $(function () { $(':input[type=text], textarea').each ( function () { var newText = 'Please enter your ' + $(this).parent().prev().text().toLowerCase().trim(); $(this).attr('value', newText); }).one('focus', function () { this.value = '', this.className = '' }).addClass('Watermark').css('width', '300px'); }); </script> trim(":") did not help...
You can replace all : characters: var str = '::a:sd:'; str = str.replace(/:/g,''); // str = 'asd'; Or use a handy rtrim() function: String.prototype.rtrim = function(character) { var re = new RegExp(character + '*$', 'g'); return this.replace(re, ''); }; var str = '::a:sd:'; str = str.rtrim(':'); // str = '::a:sd';
In this case just use the plain old JavaScript replace or substr methods. You can also use a regular expression that looks for colon as the last character (the character preceding the regexp end-of-string anchor "$"). "hi:".replace(/:$/, "") hi "hi".replace(/:$/, "") hi "h:i".replace(/:$/, "") h:i This is a simplified, inline version of the rtrim function in Blender's answer. EDIT: Here is a test fiddle for Blender's corrected rtrim function. Note that his RegExp will delete multiple occurrences of the specified character if the string ends with multiple instances of it consecutively (example bolded below). http://jsfiddle.net/fGrPb/5/ input = '::a:sd:' output = '::a:sd'; input = 'hi:' output = 'hi'; input = 'hi:::' output = 'hi'; input = 'hi' output = 'hi'; input = 'h:i' output = 'h:i'
To chop the last character of a string use string.slice(0,-1)
You can use a regular expression to remove the colon (:). Replace one instance: var with_colon = 'Stuff:'; var regex = /([^:]*):/; var without_colon = regex.exec(with_colon)[1]; alert(without_colon); Result: Stuff Replace all instances: var with_colon = 'Stuff: Things:'; var without_colon = with_colon.replace(/([^:]*):/g,'$1'); alert(without_colon); Result: Stuff Things
var myStr = "something:"; myStr = myStr.slice(0, -1);
var a="name:"; var b=a.split(":"); alert(b[0]);
one way is to use lastIndexOf var str='Name:, Call:, Phone:'; var index=str.lastIndexOf(":"); alert(index); var s=str.substring(0,index); alert(s); DEMO
This checks if the last character is a colon. If it is, the last character is removed. if (str[str.length - 1] === ":") { str = str.slice(0, -1); } If there can be multiple trailing colons, you can replace if with while, like this: while (str[str.length - 1] === ":") { str = str.slice(0, -1); } You could even make a generic trim function that accepts a string and a character and trims trailing instances of that character: var trim = function(str, chr) { while (str[str.length - 1] === ":") { str = str.slice(0, -1); } return str; }
function trim(str) { str = str.replace(/^:*/,""); return str.replace(/:*$/,""); }
str = str.substring(0,str.lastIndexOf(":")); Note that this removes everything from the last : to the end of the string (for example, any whitespace after the :).
Javascript regular expression that ignores a substring
Background: I found similiar S.O. posts on this topic, but I failed to make it work for my scenario. Appologies in advance if this is a dupe. My Intent: Take every English word in a string, and convert it to a html hyperlink. This logic needs to ignore only the following markup: <br/>, <b>, </b> Here's what I have so far. It converts English words to hyperlinks as I expect, but has no ignore logic for html tags (that's where I need your help): text = text.replace(/\b([A-Z\-a-z]+)\b/g, "$1"); Example Input / Output: Sample Input: this <b>is</b> a test Expected Output: this <b>is</b> a test Thank you.
Issues with regexing HTML aside, the way I'd do this is in two steps: First of foremost, one way or another, extract the texts outside the tags Then only do this transform to these texts, and leave everything else untouched Related questions Regex replace string but not inside html tag RegEx: Matching a especific string that is not inside in HTML tag regex - match not in tag RegEx to ignore / skip everything in html tags Text Extraction from HTML Java
Here's a hybrid solution that gives you the performance gain of innerHTML and the luxury of not having to mess with HTML strings when looking for the matches: function findMatchAndReplace(node, regex, replacement) { var parent, temp = document.createElement('div'), next; if (node.nodeType === 3) { parent = node.parentNode; temp.innerHTML = node.data.replace(regex, replacement); while (temp.firstChild) parent.insertBefore(temp.firstChild, node); parent.removeChild(node); } else if (node.nodeType === 1) { if (node = node.firstChild) do { next = node.nextSibling; findMatchAndReplace(node, regex, replacement); } while (node = next); } } Input: <div id="foo"> this <b>is</b> a test </div> Process: findMatchAndReplace( document.getElementById('foo'), /\b\w+\b/g, '$&' ); Output (whitespace added for clarity): <div id="foo"> this <b>is</b> a test </div>
Here's another JavaScript method. var StrWith_WELL_FORMED_TAGS = "This <b>is</b> a test, <br> Mr. O'Leary! <!-- What about comments? -->"; var SplitAtTags = StrWith_WELL_FORMED_TAGS.split (/[<>]/); var ArrayLen = SplitAtTags.length; var OutputStr = ''; var bStartWithTag = StrWith_WELL_FORMED_TAGS.charAt (0) == "<"; for (var J=0; J < ArrayLen; J++) { var bWeAreInsideTag = (J % 2) ^ bStartWithTag; if (bWeAreInsideTag) { OutputStr += '<' + SplitAtTags[J] + '>'; } else { OutputStr += SplitAtTags[J].replace (/([a-z']+)/gi, '$1'); } } //-- Replace "console.log" with "alert" if not using Firebug. console.log (OutputStr);
Is there any method to unescape '>' to '>' in JavaScript?
i want to escape some HTML in JavaScript. How can I do that?
I often use the following function to decode HTML Entities: function htmlDecode(input){ var e = document.createElement('div'); e.innerHTML = input; return e.childNodes[0].nodeValue; } htmlDecode('<>'); // "<>" Simple, cross-browser and works with all the HTML 4 Character Entities.
You could create a dummy textarea, set its innerHTML to your escaped html [the html with >s] and use the textarea.value var ta = document.createElement('textarea'); ta.innerHTML = ">"; alert(ta.value); ... had to use this on a CMS once [although when i used it, it was bad practice]