Is this a good string sanitizer? [duplicate] - javascript

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
HtmlSpecialChars equivalent in Javascript?
I couldn't find a good string sanitization function to be safely used inside HTML. I was wondering if this is a good approach:
String.prototype.sanitize = function() {
return $('<div></div>').text(this).html();
}

For sanitizing against XSS, yes. For sanitizing against SQL injections, no.

It's better (and still easy) to remove the jquery requirement:
String.prototype.htmlspecialchars = function() {
var span = document.createElement('span'),
txt = document.createTextNode(this);
span.appendChild(txt);
return span.innerHTML;
}
The coupling with document still isn't so bad, because that's where it's going to be used anyway, but I prefer using successive String.replace() like in this answer.

Related

How are +variable+ and ${variable} different in javascript? [duplicate]

This question already has answers here:
ES6 template literals vs. concatenated strings
(4 answers)
Closed 1 year ago.
I'm start coding.
While I was watching a lecture, I saw code like this.
var coworkers = ['go', 'hello', 'hi', 'doit'];
<script type="text/javascript">
var i = 0;
while(i < coworkers.length){
document.write('<li>'+coworkers[i]+'</li>');
i = i + 1;
}
But But when I searched, Said to use ${variable} in JavaScript. and It didn't work.
How are +variable+ and ${variable} different in javascript? Thanks :)
Those placeholders, like ${variable}, can only be used in template literals, which are always enclosed in backticks(the key right below you escape key).
If it still doesn’t work, maybe you’re using an older browser?

DOM equivalent of jQuery .clone() function [duplicate]

This question already has an answer here:
How to duplicate a div in JavaScript
(1 answer)
Closed 5 years ago.
What is a good equivalent for the jQuery .clone() function in regular DOM JavaScript? I performed multiple searches (on both SO and Bing) and didn't find a specific answer. I need to produce a copy of an element and all of its internal elements. The clone must have all of the elements and content of the source elements. If possible, make the solution as compact or efficient as possible.
try this
var clonedElement = document.getElementById('id').cloneNode(true)
var element= document.getElementById("myid");
var clone= element.cloneNode(true);

Javascript unescape doesn't seem to work [duplicate]

This question already has answers here:
Unescape apostrophe (') in JavaScript?
(2 answers)
Closed 8 years ago.
I have a simple string which is
Company's
Now I have some javascript which is ran when a form is submitted
var jsCompanyName = '#Model.Name';
var unescapedCompanyName = unescape(jsCompanyName);
$('.selector-input').val(unescapedCompanyName);
$('.selector-input-id').val('#Model.Id');
Going thought with a debugger, my var unescapedCompanyName is still "Company's" even after the unescape function, does anyone have any idea on why this isn't removing ' and replacing it with a '
The unescape() function has nothing to do with HTML syntax. It's for handling escapes in URL syntax, which is a completely different thing. (It's also deprecated even for its intended purpose.)
There's no built-in function to deal with HTML escapes. However, code running in a web browser can do something like this:
function html_unescape(s) {
var div = document.createElement("div");
div.innerHTML = s;
return div.textContent || div.innerText; // IE is different
}
You can do this easily with JQUERY if you really need to:
function htmlDecode(value) {
return $('<div/>').html(value).text();
}
var str = 'Company's';
console.log(htmlDecode(str)); // Company's
JSFIDDLE.

searching values in array javascript [duplicate]

This question already has answers here:
Determine whether an array contains a value [duplicate]
(18 answers)
Closed 9 years ago.
Is there a built-in function in javascript to do this or this is only the option to go? Please look at the code below:
var arr=[1,3,4,'+','-', or whatever]
function value_check(user_click){
var operators=['+','-','/','*','.']
for (var i=0;i<operators.length;i++){
if (arr[arr.length-1]==operators[i]){var value1='operator found';}
if (user_click==operators[i]){
var value2= value1;alert("consecutive operators"); break;
}
}
}
I think this code achieves what I intend to do but is there a simple and shorter way of doing this. In words, I want to achieve something like this:
if (arr[arr.length-1] && user_click BOTH ARE IN operators array)
alert("consecutive operators)
Yes, there are some options:
JavaScript indexOf()
jQuery.inArray()
arrayName.indexOf() is what you are looking for.

Is there a += available for attr() and val()? [duplicate]

This question already has answers here:
Is it possible to do ".value +=" in JQuery?
(5 answers)
Closed 8 years ago.
Since I've moved to jQuery development has sped up for a great deal, but there is one thing which has become a little more time-consuming: appending some string to an attribute/value.
For example, if you wanted to append a letter to the value of a textbox, you would normally do:
input.value += 'a';
but now using jQuery, it has become:
input.val(input.val() + 'a');
I know it wouldn't be too hard to create a function which can do this and then append that function to jQuery.fn, but I was rather wondering whether there is such a function perhaps already available. I haven't found any so far. Or is there perhaps a better technique of appending a string to a value/attribute than what I'm doing at the moment?
If you know that your element has a value attribute, there is no reason not to use
input.value += 'a';
There is nothing to stop you using plain JavaScript in your jQuery scripts.
In fact,
input.val(input.val() + 'a');
has no benefits over using plain 'js', except if your input is a jQuery object and you want to chain methods.
I'd suggest overall
var $input = $('#someInput');
$input[0].value += 'a'; //get the DOM object from your jQuery object

Categories

Resources