
innerText property is not encoding the html

Question:

I am trying to assign the comment text to an element, which is supposed to contain some html. So I am trying to encode the comment text before displaying it on the page after submitting. I have tried the following procedure but it's not encoding the html. I want the html to be converted to literals.

<pre>
var span=document.createElement("span");
span.innerText=commenttext;
console.log(span.innerText);
</pre>

<strong>Edit</strong>

1) commenttext is a variable.

2) by literals I mean encoded html... &lt.. etc

Answer1:

Assuming you have jQuery, take a look at this <a href="https://stackoverflow.com/a/1219983/3423729" rel="nofollow">answer</a>:

<pre>
function htmlEncode(value){
  //create an in-memory div, set its inner text (which jQuery automatically encodes)
  //then grab the encoded contents back out. The div never exists on the page.
  return $('<div/>').text(value).html();
}
</pre>

And you would then use that method in your code like

<pre>
var span=document.createElement("span");
// commenttext is the variable from the question
span.innerText=htmlEncode(commenttext);
console.log(span.innerText);
</pre>

Alternatively take a look at this <a href="https://stackoverflow.com/a/7124052/3423729" rel="nofollow">answer</a> if you don't want to use jQuery.

Answer2:

The code below simply replaces < with &lt; and > with &gt;. This works for simple cases, but one should really escape characters & " and ' as well.

<pre class="snippet-code-html lang-html prettyprint-override">
<html>
<body>
<div id="output">out</div>
<script type="text/javascript">
var commenttext = '<ul><li style="color:red;">This is a comment</ul>';
var span=document.createElement("span");
span.innerHTML=commenttext;
// displays: This is a comment
console.log( 'console: ' + span.textContent );
//displays: "<ul><li style="color:red;">This is a comment</li></ul>"
console.log( span.innerHTML );
//displays: "<ul><li style="color:red;">This is a comment</li></ul>"
document.getElementById('output').innerHTML = span.innerHTML.replace(/</g,'&lt;').replace(/>/g,'&gt;');
</script>
</body>
</html>
</pre>
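Added example (not part of either answer): a DOM-free encoder covering all five characters Answer2 mentions, done in a single pass so that an `&` produced by one substitution is never encoded a second time. It works on the raw string because text assigned through `textContent` or `innerText` is never parsed as markup, whereas anything assigned to `innerHTML` is parsed, even on an element that is not attached to the page. The names `escapeHtml` and `renderComment` and the sample input are constructed for illustration.

```javascript
// Added example: HTML-encode untrusted text without a DOM or jQuery.
// escapeHtml and renderComment are illustrative names, not from the page.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Single pass over the input: each special character is replaced exactly once,
// so the "&" emitted by one replacement is never re-encoded by a later one.
// null and undefined become the empty string instead of "null"/"undefined".
function escapeHtml(value) {
  const text = value == null ? "" : String(value);
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Builds markup for one comment. The author lands in a double-quoted attribute
// and the text in element content; the attribute is only safe because quotes
// are escaped as well as angle brackets.
function renderComment(author, text) {
  return '<span class="comment" title="' + escapeHtml(author) + '">' +
         escapeHtml(text) + "</span>";
}

// Constructed sample input, modelled on the comment string in Answer2.
const sampleComment = '<ul><li style="color:red;">Tom & Jerry\'s comment</ul>';

console.log(escapeHtml(sampleComment));
console.log(renderComment('a" b', sampleComment));
```

The returned string is meant for element content or a quoted attribute value only; it is not sufficient for URLs, inline script or unquoted attributes.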
