instance method String#stripTags

View source on GitHub →

String#stripTags() → String

Strips a string of any HTML tags.

Note that String#stripTags will only strip HTML 4.01 tags — like div, span, and abbr. It will not strip namespace-prefixed tags such as h:table or xsl:template.

Watch out for <script> tags in your string, as String#stripTags will not remove their content. Use String#stripScripts to do so.

Caveat User

Note that the processing String#stripTags does is good enough for most purposes, but you cannot rely on it for security purposes. If you're processing end-user-supplied content, String#stripTags is not sufficiently robust to ensure that the content is completely devoid of HTML tags in the case of a user intentionally trying to circumvent tag restrictions. But then, you'll be running them through String#escapeHTML anyway, won't you?

'a <a href="#">link</a>'.stripTags();
 // -> 'a link'
 'a <a href="#">link</a><script>alert("hello world!");</script>'.stripTags();
// -> 'a linkalert("hello world!");'
 'a <a href="#">link</a><script>alert("hello world!");</script>'.stripScripts().stripTags();
// -> 'a link'