如何使用 jQuery 去除 HTML 标签?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13140043/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to strip HTML tags with jQuery?
提问by Sadda-shutu
I want to remove HTML tags from a string. For example assume we have the string:
我想从字符串中删除 HTML 标签。例如假设我们有字符串:
<p> example ive got a string</P>
How can I write a function that removes the <p><p>and returns just "example ive got a string"?
如何编写一个函数来删除<p><p>并返回“示例我有一个字符串”?
回答by Jon
Use the .text()function:
使用.text()函数:
var text = $("<p> example ive got a string</P>").text();
Update: As Brilliand points out below, if the input string does not contain any tags and you are unlucky enough, it might be treated as a CSS selector. So this version is more robust:
更新:正如 Brilliand 在下面指出的那样,如果输入字符串不包含任何标签并且你很不走运,它可能会被视为 CSS 选择器。所以这个版本更健壮:
var text = $("<div/>").html("<p> example ive got a string</P>").text();
回答by Simon Boudrias
The safest wayis to rely on the browser TextNode to correctly escape content. Here's an example:
该最安全的方式是依靠浏览器TextNode正确逃生的内容。下面是一个例子:
function stripHTML(dirtyString) {
var container = document.createElement('div');
var text = document.createTextNode(dirtyString);
container.appendChild(text);
return container.innerHTML; // innerHTML will be a xss safe string
}
document.write( stripHTML('<p>some <span>content</span></p>') );
document.write( stripHTML('<script><p>some <span>content</span></p>') );The thing to remember here is that the browser escape the special characters of TextNodes when we access the html strings (innerHTML, outerHTML). By comparison, accessing text values (innerText, textContent) will yield raw strings, meaning they're unsafe and could contains XSS.
这里要记住的是,当我们访问 html 字符串 ( innerHTML, outerHTML)时,浏览器会转义 TextNodes 的特殊字符。相比之下,访问文本值 ( innerText, textContent) 将产生原始字符串,这意味着它们不安全并且可能包含 XSS。
If you use jQuery, then using .text()is safe and backward compatible. See the other answers to this question.
如果您使用jQuery,则使用.text()是安全且向后兼容的。请参阅此问题的其他答案。
The simplest wayin pure JavaScript if you work with browsers <= Internet Explorer 8 is:
在最简单的方法在纯JavaScript,如果你与浏览器合作<= Internet Explorer 8的是:
string.replace(/(<([^>]+)>)/ig,"");
But there's some issue with parsing HTML with regex so this won't provide very good security. Also, this only takes care of HTML characters, so it is not totally xss-safe.
但是使用正则表达式解析 HTML 存在一些问题,因此这不会提供很好的安全性。此外,这仅处理 HTML 字符,因此它不是完全 xss 安全的。
回答by Ginosuave
If you want to keep the innerHTML of the element and only strip the outermost tag, you can do this:
如果你想保留元素的innerHTML,只去掉最外面的标签,你可以这样做:
$(".contentToStrip").each(function(){
$(this).replaceWith($(this).html());
});
回答by SocialSupport - Seonictech
This is a example for get the url image, escape the p tag from some item.
这是获取 url 图像的示例,从某些项目中转义 p 标签。
Try this:
尝试这个:
$('#img').attr('src').split('<p>')[1].split('</p>')[0]
回答by VicoMan
You can use the existing split function
您可以使用现有的拆分功能
One easy and choppy exemple:
一个简单而断断续续的例子:
var str = '<p> example ive got a string</P>';
var substr = str.split('<p> ');
// substr[0] contains ""
// substr[1] contains "example ive got a string</P>"
var substr2 = substr [1].split('</p>');
// substr2[0] contains "example ive got a string"
// substr2[1] contains ""
The example is just to show you how the split works.
该示例只是为了向您展示拆分的工作原理。
