instance method String#stripTags
String#stripTags() → String
Strips a string of any HTML tags.
Note that String#stripTags
will only strip HTML 4.01 tags — like
div
, span
, and abbr
. It will not strip namespace-prefixed tags
such as h:table
or xsl:template
.
Watch out for <script>
tags in your string, as String#stripTags
will
not remove their content. Use String#stripScripts
to do so.
Caveat User
Note that the processing String#stripTags
does is good enough for most
purposes, but you cannot rely on it for security purposes. If you're
processing end-user-supplied content, String#stripTags
is not
sufficiently robust to ensure that the content is completely devoid of
HTML tags in the case of a user intentionally trying to circumvent tag
restrictions. But then, you'll be running them through
String#escapeHTML
anyway, won't you?
Examples
'a <a href="#">link</a>'.stripTags(); // -> 'a link' 'a <a href="#">link</a><script>alert("hello world!");</script>'.stripTags(); // -> 'a linkalert("hello world!");' 'a <a href="#">link</a><script>alert("hello world!");</script>'.stripScripts().stripTags(); // -> 'a link'