Monday 15 April 2013

javascript - Avoiding rendering of HTML and script tags


I am working on a chat box; I use Node.js + socket.io for client-server communication. I am unable to execute PHP code (I have read that this is possible, but it is not recommended and is difficult to obtain). When users send messages with HTML or script tags, everything works fine.

I have tried to remove those tags using functions that I found. It works fine, but only for HTML tags, so I thought: okay, I can remove script tags first by using regular expressions. Something like:

  .replace(/<script.*>.*<\/script>/ims, "")

And then delete the HTML tags, but I'm not sure this method is hack-proof, and it is a lot of processing for each message.

$("#div").append(message); without HTML / JavaScript code --- print the text as it is; if you send a message with HTML / JS / PHP code, then the message is printed in the same way.

Or, what is another way to delete the tag?

Thank you for your time.

Just add the message as text.

  // The wrapper tag was lost in this copy of the post; "<div>" is assumed.
  $("#div").append($("<div>").text(message));
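
An added example (not part of the original question or answer) that runs the question's script-stripping regex and a plain HTML-escaping function over constructed chat messages, showing why escaping is the safer default. `escapeHtml`, `stripScriptTags` and `compare` are hypothetical names; the escaping function gives the same displayed result as `.text()` when a message has to be built into an HTML string, for example in Node.js before broadcasting.

```javascript
// Added example: escaping versus tag stripping for chat messages.
// All function names and sample messages here are constructed for illustration.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that could let text be parsed as markup.
function escapeHtml(message) {
  return String(message).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The regex approach from the question, kept only for comparison.
function stripScriptTags(message) {
  return String(message).replace(/<script.*>.*<\/script>/ims, "");
}

// Constructed sample messages.
const samples = [
  "hello <b>world</b>",
  "<script>alert(1)</script>",
  '<img src=x onerror="alert(1)">',
  "1 < 2 && 3 > 2",
];

// Return both treatments side by side for each message.
function compare(messages) {
  return messages.map((m) => ({
    input: m,
    stripped: stripScriptTags(m),
    escaped: escapeHtml(m),
  }));
}

for (const row of compare(samples)) console.log(row);
```

The regex removes the `<script>` message but leaves the `<img>` message untouched, while the escaped form of every message contains no `<` or `>` for the browser to parse.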
