5

Ok, I have these string prototypes to work with, however, I don't understand what they do exactly.

String.prototype.php_htmlspecialchars = function()
{
 return this.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

String.prototype.php_unhtmlspecialchars = function()
{
 return this.replace(/&quot;/g, '"').replace(/&gt;/g, '>').replace(/&lt;/g, '<').replace(/&amp;/g, '&');
}

String.prototype.php_addslashes = function()
{
 return this.replace(/\\/g, '\\\\').replace(/'/g, '\\\'');
}

String.prototype._replaceEntities = function(sInput, sDummy, sNum)
{
 return String.fromCharCode(parseInt(sNum));
}

String.prototype.removeEntities = function()
{
 return this.replace(/&(amp;)?#(\d+);/g, this._replaceEntities);
}

String.prototype.easyReplace = function (oReplacements)
{
 var sResult = this;
 for (var sSearch in oReplacements)
  sResult = sResult.replace(new RegExp('%' + sSearch + '%', 'g'), oReplacements[sSearch]);

 return sResult;
}

Basically, what I need to do is replace all instances of double quotes ("), >, <, single quotes ('), etc. etc.. Basically the same stuff that htmlentities() in php changes, but I need to replace them with an empty string, so that they are removed from the text.

Can I use any of the functions above? If not, how can I accomplish this in Javascript? Can I use a replace on the string?

Please, someone, help me here. I am placing this text into a select box and will be inputted into the database upon submitting of the form. Though, I am using PHP to remove all of these characters, however, I'm having difficulty finding a way to do this in Javascript.

Thanks :)

Improve this question
4
  • What's the goal? Sounds like you want to strip tags, i.e. extract the text content from HTML, correct? Commented Dec 27, 2010 at 7:35
  • No, I am allowing users to type into a text box, and this goes into the database, and the textbox is critical for it's input. It checks if the select box already has this text in it. So it needs to strip special chars because I don't want to insert into the database the same value that is already in there. Commented Dec 27, 2010 at 7:44
  • However DO make sure you keep your php stripping too since it it very easy to bypass your javascript to inject html directly into your database if you do not test on the server Commented Dec 27, 2010 at 7:49
  • Like I said, I already have this part figured out on the PHP side of things. I strip it just fine in PHP. Completely removing all of this. Just the JS part of it is Not being stripped. Anyways, someone answered it. Cheers :) Commented Dec 27, 2010 at 7:56

1 Answer 1

Reset to default
15

Remove special characters (like !, >, ?, ., # etc.,) from a string using JavaScript: 

var temp = new String('This is a te!!!!st st>ring... So??? What...');
document.write(temp + '<br>');
temp =  temp.replace(/[^a-zA-Z 0-9]+/g,'');
document.write(temp + '<br>');

jsFiddle

Edit:

If you don't want to remove dot(.) from string:

temp =  temp.replace(/[^a-zA-Z 0-9.]+/g,'');
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, using your method I can actually define my own characters. This is better than stripping out the entities. Thanks :) Just had to add in the - and the _ also.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.