Categories
JavaScript Answers

How to prevent HTML and script injections in JavaScript?

Labrador retriever puppy walking on green grass
Spread the love

Sometimes, we want to prevent HTML and script injections in JavaScript.

In this article, we’ll look at how to prevent HTML and script injections in JavaScript.

How to prevent HTML and script injections in JavaScript?

To prevent HTML and script injections in JavaScript, we escape the string with the JavaScript code.

For instance, we write

const escapedHtml = html.replace(/</g, "&lt;").replace(/>/g, "&gt;");

to call replace to replace the opening and closing brackets with "&lt;" and "&gt;" respectively with replace.

The g flag will make replace replace all matches.

The escaped string is returned and the string won’t have valid code so it can’t be run.

Conclusion

To prevent HTML and script injections in JavaScript, we escape the string with the JavaScript code.

Related Posts

By John Au-Yeung

Web developer specializing in React, Vue, and front end development.

Leave a Reply

Your email address will not be published. Required fields are marked *