htmlspecialchars() - anybody have javascript equiv?

sneakyimp

ok...so this question is part php, part javascript.

i have a dynamic form in my php project that lets a user email a page to a friend. when the user types in their name, i want to show what they are typing in the title of the email so i have some javascript that changes another part of the page.

i noticed that when the user types <, &, or > in the form input that tags can be created in the other html. i don't want spammers sending links to images through our gateway so i plan to use HTMLSPECIALCHARS on the form input.

HOWEVER, the form needs a javascript equivalent of that function. i was wondering if anyone here has implemented htmlspecialchars() in javascript?

planetsim

It wouldnt be hard to.

function htmlspecialchars(string)
{
    string = string.replace(/</g, "&lt;");
    string = string.replace(/>/g, "&gt;");
    return string;
}

Of course PHPs version also has another two parameters im sure that sort of helps.

sneakyimp

thanks for your suggestion, planetsim.

i had tried that but it was only replacing a single instance of the characters. thus, if the user were to enter <><img src='http://foo.com/advertisement.jpg'> then that image would display in the form. as i said, i'll be using htmlspecialchars() on the php end of things, but i don't want to encourage any chumps to try that.

I think i've managed to get it working with this code:

function cleaner(findString, replaceString, thaString) {
  var resultAry = thaString.split(findString);
  var result = resultAry[0];
  for (i=1; i<resultAry.length; i++) {
    result += replaceString + resultAry[i];
  }
  return result;
}
function cleanString(arg) {
  var newString = new String(arg);
  newString = cleaner('&', '&amp;', newString);
  newString = cleaner('<', '&lt;', newString);
  newString = cleaner('>', '&gt;', newString);
  return newString;
} // cleanString

EDIT: your code is right on the money! my bad. i'm still getting used to the no quotes concept and forget the 'g' flag.

this also appears to work:

function cleanString(arg) {
  var newString = new String(arg);
  newString = newString.replace(/&/g, '&amp;');
  newString = newString.replace(/</g, '&lt;');
  newString = newString.replace(/>/g, '&gt;');
  return newString;
} // cleanString