Skip to content

Instantly share code, notes, and snippets.

@spikebrehm

spikebrehm/htmlDecode.js

Created August 24, 2014 18:53
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save spikebrehm/2774ae57e990b6f5252a to your computer and use it in GitHub Desktop.
Save spikebrehm/2774ae57e990b6f5252a to your computer and use it in GitHub Desktop.
Download ZIP
Is this method of decoding HTML entities safe from XSS injections?
Raw
htmlDecode.js
function htmlDecode(input) {
var e = document.createElement('div');
e.innerHTML = input;
return e.childNodes.length === 0 ? "" : e.childNodes[0].nodeValue;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment