StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POAppend html to jQuery element without running scripts inside the html
primarykey
Id
5550633
data
AcceptedAnswerId
5550729
AnswerCount
3
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2011-04-05T10:50:29.063
FavoriteCount
7
LastActivityDate
2013-02-06T17:05:24.920
LastEditDate
2017-05-23T10:29:27.863
LastEditorUserId
-1
OwnerUserId
185596
ParentId
0
PostTypeId
1
Score
13
ViewCount
9441
LastEditorDisplayName
text
Body
<p>I have written some code that takes a string of html and cleans away any ugly HTML from it using jQuery (see an early prototype in <a href="https://stackoverflow.com/questions/5337809/is-it-wise-to-use-jquery-for-whitelisting-tags-are-there-existing-solutions-in-j">this SO question</a>). It works pretty well, but I stumbled on an issue:</p> <p>When using .append() to wrap the html in a div, all script elements in the code are evaluated and run (see <a href="https://stackoverflow.com/questions/610995/jquery-cant-append-script-element/3603496#3603496">this SO answer</a> for an explanation why this happens). I don't want this, I really just want them to be removed, but I can handle that later myself as long as they are not run.</p> <p>I am using this code:</p> <pre><code>var wrapper = $('<div/>').append($(html)); </code></pre> <p>I tried to do it this way instead:</p> <pre><code>var wrapper = $('<div>' + html + '</div>'); </code></pre> <p>But that just brings forth the "Access denied" error in IE that the append() function fixes (see the answer I referenced above).</p> <p>I think I might be able to rewrite my code to not require a wrapper around the html, but I am not sure, and I'd like to know if it is possible to append html without running scripts in it, anyway.</p> <h2>My questions:</h2> <ul> <li><p>How do I wrap a piece of unknown html without running scripts inside it, preferably removing them altogether?</p></li> <li><p>Should I throw jQuery out the window and do this with plain JavaScript and DOM manipulation instead? Would that help?</p></li> </ul> <h2>What I am not trying to do:</h2> <p>I am not trying to put some kind of security layer on the client side. I am very much aware that it would be pointless.</p> <h2>Update: James' suggestion</h2> <p>James suggested that I should filter out the script elements, but look at these two examples (the original first and the James' suggestion):</p> <pre><code>jQuery("<p/>").append("<br/>hello<script type='text/javascript'>console.log('gnu!'); </script>there") </code></pre> <p>keeps the text nodes but writes gnu!</p> <pre><code>jQuery("<p/>").append(jQuery("<br/>hello<script type='text/javascript'>console.log('gnu!'); </script>there").not('script'))` </code></pre> <p>Doesn't write gnu!, but also loses the text nodes.</p> <h2>Update 2:</h2> <p>James has updated his answer and I have accepted it. See my latest comment to his answer, though.</p>
Tags
<javascript><jquery><dom>
Title
Append html to jQuery element without running scripts inside the html
singulars
PostAcceptedAnswerId
1. PO
  singulars
  PostTypePostTypeId
  PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. USPeter Jaric
plurals
PostLinksPostIdRelatedPostId
1. PL
  singulars
  LinkTypeLinkTypeId
  LTLinked
2. PL
  singulars
  LinkTypeLinkTypeId
  LTLinked
3. PL
  singulars
  LinkTypeLinkTypeId
  LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
  singulars
  PostTypePostTypeId
  PTAnswer
2. PO
  singulars
  PostTypePostTypeId
  PTAnswer
3. PO
  singulars
  PostTypePostTypeId
  PTAnswer
VotesPostIdCreationDate
1. VO
  singulars
  PostPostId
  POAppend html to jQuery element without running scripts inside the html
  UserUserId
  USJean-Baptiste
  VoteTypeVoteTypeId
  VTFavorite
2. VO
  singulars
  PostPostId
  POAppend html to jQuery element without running scripts inside the html
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
3. VO
  singulars
  PostPostId
  POAppend html to jQuery element without running scripts inside the html
  UserUserId
  USStan
  VoteTypeVoteTypeId
  VTFavorite
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.