
Escape HTML entities from HTML string with Whitelist tags and special characters

It's been a long time since I sat down to write a technical blog post. This time, I am going to write about how we can escape HTML entities in a given HTML string while still allowing a whitelist of tags and special characters.

When I was working on a task for a project, we were supposed to display a toast message with HTML mode enabled. For this, we used Toastr by CodeSeven to display the toaster message whenever we wanted to show a notification.

The toaster messages we display also contain HTML tags so the content can be shown in the required format, such as bold (strong) or italic. To do this, we have to enable HTML content in the toastr library by setting the escapeHtml property to true in the toastr options.

But the problem with this approach is the risk of an XSS attack, because with the escapeHtml property set this way toastr renders every HTML tag, including script tags. To avoid XSS we tried a few sanitizer libraries, but they pull in far more code than we wanted.

So we came up with an approach that uses as little code as possible: escape everything first, then restore only the tags and special characters on the whitelist.
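As an added example (not the post's own code and not part of toastr), here is one minimal whitelist escaper in JavaScript that follows that approach: every markup character is escaped, then only the tags and named entities in the constructed whitelists are restored. The `ALLOWED_TAGS` and `ALLOWED_ENTITIES` lists and the sample messages are assumptions chosen for the demo.

```javascript
// Whitelist-based escaper (added example; not the post's own code and not part of toastr).
// Approach: escape every markup character first, then restore only the tags and
// named entities that were explicitly allowed. Allowed tags are restored only when
// they carry no attributes, so event handlers and URLs never reach the DOM.
const ALLOWED_TAGS = ["b", "strong", "i", "em", "u", "br"];                     // constructed whitelist
const ALLOWED_ENTITIES = ["nbsp", "copy", "amp", "lt", "gt", "quot", "hellip"]; // constructed whitelist

const ESCAPE_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Step 1: neutralise all markup so nothing is interpreted as HTML.
function escapeAll(html) {
  return String(html).replace(/[&<>"']/g, (ch) => ESCAPE_MAP[ch]);
}

// Step 2: selectively undo the escaping for whitelisted constructs only.
function escapeWithWhitelist(html, allowedTags = ALLOWED_TAGS, allowedEntities = ALLOWED_ENTITIES) {
  let out = escapeAll(html);

  // "&amp;nbsp;" -> "&nbsp;" for allowed named entities; anything else (e.g. "&amp;#x3C;") stays escaped.
  const entityRe = new RegExp(`&amp;(${allowedEntities.join("|")});`, "g");
  out = out.replace(entityRe, "&$1;");

  // "&lt;strong&gt;", "&lt;/strong&gt;", "&lt;br/&gt;" -> real tags. Only optional whitespace is
  // permitted between the tag name and ">", so a tag carrying any attribute remains escaped.
  const tagRe = new RegExp(`&lt;(/?)(${allowedTags.join("|")})\\s*(/?)&gt;`, "gi");
  out = out.replace(tagRe, (_m, close, name, self) =>
    `<${close}${name.toLowerCase()}${self ? " /" : ""}>`);

  return out;
}

// Stand-alone demo with constructed toast messages.
if (typeof require !== "undefined" && require.main === module) {
  [
    "<strong>Saved</strong> & done",
    "<script>alert(1)</script>",
    '<b onclick="x()">hi</b>',
  ].forEach((msg) => console.log(escapeWithWhitelist(msg)));
}
```

The string returned by `escapeWithWhitelist` is what gets handed to toastr as the message, so the only markup that can ever render is the whitelisted, attribute-free tags.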

Here is a working example. Thanks for your time. Comments are always welcome :)
