Is It Valid to Replace Http:// With // in a ≪Script Src="Http://..."≫

What do and stand for?

  • < stands for the less-than sign: <
  • > stands for the greater-than sign: >
  • stands for the less-than or equals sign:
  • stands for the greater-than or equals sign:

How To Replace with and with using jquery

The simplest thing to do would be

var $this = $(this);
var t = $this.text();
$this.html(t.replace('<','<').replace('>', '>'));

working edit/jsfiddle by Jared Farrish

How to replace and with and with jQuery or JS

Assuming you just want to escape all HTML:


Replace all strings and in a variable with and

To store an arbitrary string in XML, use the native XML capabilities of the browser. It will be a hell of a lot simpler that way, plus you will never have to think about the edge cases again (for example attribute values that contain quotes or pointy brackets).

A tip to think of when working with XML: Do never ever ever build XML from strings by concatenation if there is any way to avoid it. You will get yourself into trouble that way. There are APIs to handle XML, use them.

Going from your code, I would suggest the following:

$(function() {

$("#addbutton").click(function() {
var eventXml = XmlCreate("<event/>");
var $event = $(eventXml);

$event.attr("title", $("#titlefield").val());
$event.attr("start", [$("#bmonth").val(), $("#bday").val(), $("#byear").val()].join(" "));

if (parseInt($("#eyear").val()) > 0) {
$event.attr("end", [$("#emonth").val(), $("#eday").val(), $("#eyear").val()].join(" "));
$event.attr("isDuration", "true");
} else {
$event.attr("isDuration", "false");

$event.text( tinyMCE.activeEditor.getContent() );

$("#outputtext").val( XmlSerialize(eventXml) );


// helper function to create an XML DOM Document
function XmlCreate(xmlString) {
var x;
if (typeof DOMParser === "function") {
var p = new DOMParser();
x = p.parseFromString(xmlString,"text/xml");
} else {
x = new ActiveXObject("Microsoft.XMLDOM");
x.async = false;
return x.documentElement;

// helper function to turn an XML DOM Document into a string
function XmlSerialize(xml) {
var s;
if (typeof XMLSerializer === "function") {
var x = new XMLSerializer();
s = x.serializeToString(xml);
} else {
s = xml.xml;
return s

What's the right way to decode a string that has special HTML entities in it?

This is my favourite way of decoding HTML characters. The advantage of using this code is that tags are also preserved.

function decodeHtml(html) {
var txt = document.createElement("textarea");
txt.innerHTML = html;
return txt.value;



Entity: Bad attempt at XSS:<script>alert('new\nline?')</script><br>


Entity: Bad attempt at XSS:<script>alert('new\nline?')</script><br>

Related Topics

Leave a reply