JAVASCRIPT

Sanitize Input by Removing Specific HTML Tags

Protect against XSS attacks by implementing a JavaScript regex to remove potentially malicious HTML tags like script and style from user-generated content for security.

function removeHarmfulTags(htmlString) {
  // Remove <script> and <style> elements together with their content.
  // The back-reference \1 pairs each opening tag with its own closing tag,
  // and [\s\S]*? also crosses newlines, which . would not.
  const harmfulElementRegex = /<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi;
  let sanitizedString = htmlString.replace(harmfulElementRegex, "");

  // Remove any stray opening or closing <script>/<style> tag that had no partner.
  const harmfulTagRegex = /<\/?(script|style)\b[^>]*>/gi;
  sanitizedString = sanitizedString.replace(harmfulTagRegex, "");

  // Optionally, remove any remaining HTML tags (be careful with this for rich text)
  // const allHtmlTagRegex = /<[^>]*>/g;
  // sanitizedString = sanitizedString.replace(allHtmlTagRegex, "");

  return sanitizedString;
}

// Usage:
const userComment = "Hello <b>world</b>! <script>alert('XSS');</script> <style>body{color:red;}</style> Normal text.";
console.log(removeHarmfulTags(userComment)); // "Hello <b>world</b>!   Normal text."

How it works: The `removeHarmfulTags` function uses regular expressions to sanitize user input by removing `<script>` and `<style>` elements, including the content between their opening and closing tags. The `g` flag replaces every match rather than only the first, and the `i` flag makes the tag names match case-insensitively (`<SCRIPT>` as well as `<script>`). This is a basic first step toward preventing Cross-Site Scripting (XSS) in web applications that accept user-submitted HTML. Note that a tag blocklist like this one removes only the tags it names; other markup and tag attributes pass through unchanged, so it should be combined with contextual output encoding or an allowlist-based sanitizer such as DOMPurify rather than relied on alone.
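Going one step further than the blocklist above, the following allowlist-based version (an added example, not code from the original snippet) keeps only a handful of formatting tags, discards all attributes, and HTML-encodes the text between tags. The permitted tag list and the names `sanitizeComment` and `escapeText` are assumptions made for this example.

```javascript
// Added example: allowlist-based sanitizer for user comments.
// Assumptions (not from the original snippet): only <b>, <i>, <em> and <strong>
// are permitted, attributes are always dropped, and any other markup is
// removed while the text it wrapped is kept and HTML-encoded.
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong"]);

// Encode the characters that can start markup or an entity inside text.
function escapeText(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

function sanitizeComment(html) {
  // Drop <script>/<style> elements with their content, then any stray
  // opening or closing tag of those names that had no partner.
  let s = html.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "");
  s = s.replace(/<\/?(script|style)\b[^>]*>/gi, "");

  // Walk the remaining string tag by tag: allowed tags are re-emitted bare
  // (no attributes), everything else is dropped, text segments are encoded.
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = tagRe.exec(s)) !== null) {
    out += escapeText(s.slice(last, m.index));
    const name = m[1].toLowerCase();
    if (ALLOWED_TAGS.has(name)) {
      out += m[0].startsWith("</") ? `</${name}>` : `<${name}>`;
    }
    last = tagRe.lastIndex;
  }
  out += escapeText(s.slice(last));
  return out;
}

// Constructed sample input, same as the original usage line.
const sample = "Hello <b>world</b>! <script>alert('XSS');</script> <style>body{color:red;}</style> Normal text.";
console.log(sanitizeComment(sample)); // "Hello <b>world</b>!   Normal text."
```

Unlike the blocklist, unknown tags such as `<div>` are dropped and a literal `<` in text is encoded, so only the allowed tags can reach the page as markup.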
