Do I need to "clean up" after HTML Escape a Javascript string?

Question

I have a Javascript application where I need to escape characters like "<" and ">" in a string.

This looks like an ideal solution:

function escapeHTML(str){
    var p = document.createElement("p");
    p.appendChild(document.createTextNode(str));
    return p.innerHTML;
}

or a short alternative using the Option() constructor

function escapeHTML(str){
    return new Option(str).innerHTML;
}

Q: Does this actually add "p" (and the associated text) to my DOM?

Q: Do I need a "removeChild()" or any other "cleanup" if all I want to save is the escaped string?

" I have a Javascript application where I need to escape characters like "<" and ">" in a string." - why? Are you presenting them somewhere? At which case don't escape them ad-hoc and instead set the textContent of elements instead of their innerHTML — Benjamin Gruenbaum, May 18 '18 at 22:27

score 4 · Accepted Answer · answered May 18 '18 at 22:14

4

A1: No, that would be if the function also called document.body.appendChild(p);

A2: No, as you can probably guess from A1. After the function returns, its local variables are discarded, the p becomes unreachable, and will eventually be garbage-collected.

answered May 18 '18 at 22:14

Máté Safranka

4,081
1
10
22

Perfect - exactly what I wanted to confirm. Thank you very much! – paulsm4 May 19 '18 at 03:52

Do I need to "clean up" after HTML Escape a Javascript string?

1 Answers1