2

I am trying to append a parsed email to a textarea with javascript, and this is proving to be particularly difficult because of the < & > in email addresses like <foo@bar.com>

Here is an example of my situation in action. https://jsfiddle.net/xxchz97L/

So I am trying to do a str.replace on the < & > but nothing I do seems to work. Does anyone know how to do this?

Here is a simple excerpt of my code. I am also including jQuery.

HTML

<textarea class="form-control template_data" id="content" name="content" rows="8" cols="80"></textarea>

Javascript

var my_text = "From: Foo Bar <foo@bar.com> Date: Sat, Apr 8, 2017 at 2:29 PM";
var regEx = '/<|>/g';
my_text.replace(regEx, "*");
my_text = my_text.replace("&lt;", "*");
my_text = my_text.replace("&gt;", "*");
$('#content').append(my_text);
alert(my_text);

PS

I figured there would be no way to append < | > into a textarea as html would think I was posting HTML. If there is someone that does know how to do this please let me know.

Thomas Valadez
  • 1,697
  • 2
  • 22
  • 27

4 Answers4

2

Use the RegExp, is very easy :)

var regEx = new RegExp("[<>]","g");

for replace use: 

yourString = yourString.replace(regEx, "yourReplace");

Do not forget the immutability of the string

Pr3ds
  • 393
  • 3
  • 14
  • So you cleared all the line breaks then ran it. That seems like a pretty clean solution. – Thomas Valadez May 08 '17 at 19:12
  • Not only that, but had a detail in the first replace, which was not reassigning to the String. You will not even need the other two "replace" – Pr3ds May 08 '17 at 19:14
  • @ThomasValadez why do you want to change the characters to "*"? Why not just HTML-escape them? – Pointy May 08 '17 at 22:19
  • @Pointy I was experimenting with a few things, I figured that would be the easiest option. Are you talking about something like this http://stackoverflow.com/questions/6234773/can-i-escape-html-special-chars-in-javascript – Thomas Valadez May 08 '17 at 22:52
  • I'm talking about something like my answer :) – Pointy May 08 '17 at 22:53
2

A general HTML sanitizer function really only needs one .replace() call:

var sanitize = function() {
  var map = { "<": "&lt;", ">": "&gt;", "&": "&amp;" },
      rx = /[<&>]/g;

  return function(text) {
    return text.replace(rx, function(match) {
      return map[match];
    };
  };
}();

The .replace() callback takes each matched special character and uses it as a key to lookup the replacement in a map.

With this, you can preserve the actual content for the <textarea> if you use the function on the contents when the page is prepared.

Note that you don't have to worry about this when setting the .value property of the <textarea> with JavaScript.

Pointy
  • 405,095
  • 59
  • 585
  • 614
0

You are trying to replace the escaped characters when no such characters exist in the string.

Change:

my_text = my_text.replace("&lt;", "*");
my_text = my_text.replace("&gt;", "*");

to:

my_text = my_text.replace("<", "*");
my_text = my_text.replace(">", "*");
Scott Marcus
  • 64,069
  • 6
  • 49
  • 71
  • Awesome that worked for the first line. Now I have two questions. Why doesn't the regex expression take care of that? and how would I make it span multiple lines of text? – Thomas Valadez May 08 '17 at 18:59
0

Your Problem seems to be an incorrect RegEx. Try the following:

my_text = my_text.replace(/(\<|\>)/g, '');
dinimer
  • 54
  • 4