jQuery Strip Harmful Characters from String

Sam Deering
Sam Deering
Published in
JavaScript·jQuery·
·Updated:

Share this article

SitePoint Premium
Stay Relevant and Grow Your Career in Tech
  • Premium Results
  • Publish articles on SitePoint
  • Daily curated jobs
  • Learning Paths
  • Discounts to dev tools

7 Day Free Trial. Cancel Anytime.

jQuery Function to strip out all potentially harmful characters from an input field. Useful for extra security measures of filtering requests to your server before using AJAX for example.

Also see: 10 jQuery Security Plugins



/**
 * Strip out all potentially harmful characters from an input field
 * @param {String} str
 * @returns {String}
 */
filterInputText = function(str)
{
	try
	{
		return str.replace(/s+/gm, ' ').match(/[a-zA-Z0-9(), .!/:%@&?+_=-$]+/gm).join('');
	}
	catch(e)
	{
		return '';
	}
}

Frequently Asked Questions (FAQs) about jQuery and String Manipulation

What is the purpose of using jQuery to strip harmful characters from a string?

jQuery is a powerful JavaScript library that simplifies HTML document traversing, event handling, animating, and Ajax interactions for rapid web development. When it comes to string manipulation, jQuery can be used to strip harmful characters from a string. This is particularly useful in preventing cross-site scripting (XSS) attacks, where an attacker injects malicious scripts into webpages viewed by other users. By stripping harmful characters, you can sanitize user input and make your web application more secure.

How does the jQuery .replace() function work?

The .replace() function in jQuery is used to replace specified values in a string. It takes two parameters: the value to find and the value to replace it with. This function is case-sensitive, meaning it will only replace exact matches. If you want to replace all occurrences of a value, you need to use a regular expression with a global modifier (g).

Can I use jQuery to remove a specific character from a string?

Yes, you can use jQuery to remove a specific character from a string. This can be done using the .replace() function with a regular expression. For example, to remove all occurrences of the letter ‘a’ from a string, you would use the following code: var str = “This is a test string”; var newStr = str.replace(/a/g, “”); This will return the string “This is test string”.

What are some common harmful characters that should be stripped from a string?

Some common harmful characters that should be stripped from a string include script tags (<script>), angle brackets (<, >), and quotation marks (“, ‘). These characters can be used to inject malicious scripts into your webpage, leading to cross-site scripting (XSS) attacks.

How can I strip all non-alphanumeric characters from a string using jQuery?

You can strip all non-alphanumeric characters from a string using jQuery by using the .replace() function with a regular expression. The following code will remove all non-alphanumeric characters from a string: var str = “This is a test string!”; var newStr = str.replace(/\W/g, “”); This will return the string “Thisisateststring”.

Can I use jQuery to replace multiple different characters in a string?

Yes, you can use jQuery to replace multiple different characters in a string. This can be done by chaining .replace() functions together. For example, to replace all occurrences of the letters ‘a’ and ‘b’ with the letter ‘c’, you would use the following code: var str = “This is a test string”; var newStr = str.replace(/a/g, “c”).replace(/b/g, “c”);

What is the difference between .replace() and .replaceAll() in jQuery?

The .replace() function in jQuery replaces the first occurrence of a specified value in a string, while the .replaceAll() function replaces all occurrences of a specified value. However, if you use a regular expression with a global modifier (g) in the .replace() function, it will also replace all occurrences.

Can I use jQuery to strip harmful characters from a string in real-time, as the user types?

Yes, you can use jQuery to strip harmful characters from a string in real-time as the user types. This can be done by attaching a keyup event handler to the input field and using the .replace() function to strip the harmful characters each time the user presses a key.

How can I use jQuery to strip HTML tags from a string?

You can use jQuery to strip HTML tags from a string by using the .replace() function with a regular expression. The following code will remove all HTML tags from a string: var str = “

This is a test string

“; var newStr = str.replace(/<[^>]*>/g, “”); This will return the string “This is a test string”.

Can I use jQuery to strip harmful characters from a string in a textarea?

Yes, you can use jQuery to strip harmful characters from a string in a textarea. This can be done by getting the value of the textarea using the .val() function, stripping the harmful characters using the .replace() function, and then setting the value of the textarea with the sanitized string.

Sam DeeringSam Deering

Sam Deering has 15+ years of programming and website development experience. He was a website consultant at Console, ABC News, Flight Centre, Sapient Nitro, and the QLD Government and runs a tech blog with over 1 million views per month. Currently, Sam is the Founder of Crypto News, Australia.

jQuery

Share this article

Related articles
Anatomy of a JavaScript MV* Framework
Anatomy of a JavaScript MV* Framework

Published in

·AngularJS·Ember.js·JavaScript·Tools & Libraries·

September 25, 2014

Requesting Runtime Permissions in Android M and N
Requesting Runtime Permissions in Android M and N

Published in

·Android·Mobile·

June 7, 2016

Geo-Targeting WordPress Content to Personalize Your Site
Geo-Targeting WordPress Content to Personalize Your Site

Published in

·WordPress·

August 2, 2017

How to Set Up a Vue Development Environment
How to Set Up a Vue Development Environment

Published in

·JavaScript·Vue.js·

August 6, 2019

AtoZ CSS Screencast: Unicode Range and @font-face
AtoZ CSS Screencast: Unicode Range and @font-face

Published in

·CSS·HTML & CSS·

October 27, 2016

Mobile Web Superpowers: Ambient Light API
Mobile Web Superpowers: Ambient Light API

Published in

·Design·JavaScript·Mobile·Mobile Web Development·

July 4, 2014

Quick Tip: How to Convert a Number to a String in JavaScript
Quick Tip: How to Convert a Number to a String in JavaScript

Published in

·JavaScript·

September 1, 2022

Quick Tip: How to Convert Numbers to Ordinals in JavaScript
Quick Tip: How to Convert Numbers to Ordinals in JavaScript

Published in

·JavaScript·

September 8, 2022

Stuff we do
PremiumNewslettersLearning pathsLibraryForums
Contact
Contact usFAQPublish your book with usWrite an article with usAdvertise
About
Our storyCorporate membershipsStart free trialLogin
Connect
RSSFacebookInstagramTwitter (X)
SitePoint
Subscribe to our newsletter

Get the freshest news and resources for developers, designers and digital creators in your inbox each week

© 2000 – 2025 SitePoint Pty. Ltd.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Privacy PolicyTerms of Service