Preventing HTML and Script injections in JavaScript

粉色の甜心 2020-12-04 13:12

Assume I have a page with an input box. The user types something into the input box and hits a button. The button triggers a function that picks up the value typed into the

7 answers
  •  一向 (original poster)
    2020-12-04 13:46

    You can encode the < and > to their HTML equivalent.

    // Replace each angle bracket with its HTML entity
    html = html.replace(/</g, "&lt;").replace(/>/g, "&gt;");


    How to display HTML tags as plain text
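
Added example, not part of the answer above or of the original page: it goes beyond encoding `<` and `>` to show why `&` and quote characters also need encoding once the value is placed inside an attribute. The helper names (`escapeHtml`, `escapeAnglesOnly`, `renderGreeting`) and the sample inputs are constructed for illustration.

```javascript
// Added example: HTML escaping for element content and quoted attributes.
// All names here are hypothetical helpers, not from the original page.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape every character that can change parsing in element content or in
// a quoted attribute value. "&" is included so that input such as "&lt;"
// is displayed literally instead of being decoded by the browser.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Angle brackets only, as in the answer above.
function escapeAnglesOnly(value) {
  return String(value).replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Build markup that places the same user input in an attribute and in text.
function renderGreeting(name, escape) {
  return `<p title="${escape(name)}">Hello, ${escape(name)}</p>`;
}

// Constructed sample inputs.
const tagInput = "<b>bold</b>";
const attrInput = 'x" data-injected="1';

// Tags are shown as plain text with either function.
console.log(renderGreeting(tagInput, escapeHtml));
// With angle brackets only, the quote closes title="" and adds an attribute.
console.log(renderGreeting(attrInput, escapeAnglesOnly));
// With full escaping, the whole value stays inside title="".
console.log(renderGreeting(attrInput, escapeHtml));
```

When the value only needs to appear as text in the page, assigning it to an element's `textContent` avoids building markup from user input at all.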
