Skip to content

Instantly share code, notes, and snippets.

@spikebrehm
Created August 24, 2014 18:53
Show Gist options
  • Save spikebrehm/2774ae57e990b6f5252a to your computer and use it in GitHub Desktop.
Save spikebrehm/2774ae57e990b6f5252a to your computer and use it in GitHub Desktop.
Is this method of decoding HTML entities safe from XSS injections?
function htmlDecode(input) {
var e = document.createElement('div');
e.innerHTML = input;
return e.childNodes.length === 0 ? "" : e.childNodes[0].nodeValue;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment