This is a port of the PrototypeJS method stripTags
.
It strips a string of any HTML 4.01 tags — like div
, span
, and abbr
.
It will not, however, strip namespace-prefixed tags such as h:table
or
xsl:template
. Nor will it remove any content from within <script>
tags.
Lastly, while stripTags
is good enough for most purposes, it shouldn't be
relied upon for security purposes. If processing end-user supplied content,
stripTags
is not sufficiently robust enough to ensure that the content is
completely devoid of HTML tags in the case of an end-user who's intentionally
trying to circumvent a tag restriction.
npm install @ramumb/strip-tags
var stripTags = require('strip-tags');
stripTags('a <a href="#">link</a>');
// -> 'a link'
stripTags('a <a href="#">link</a><script>alert("hello world!");</script>');
// -> 'a linkalert("hello world!");'
stripTags('<xsl:template match="/"><html><body><h2>My CD Collection</h2><xsl:apply-templates/></body></html></xsl:template>');
// -> '<xsl:template match="/">My CD Collection<xsl:apply-templates/></xsl:template>'
npm test
In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests for any new or changed functionality. Lint and test your code. See the CONTRIBUTING file for more detailed information.