This page uses jQuery 3.7.1 and renders untrusted input safely via
.text() (or a basic allowlist sanitizer), preventing execution of inline scripts/handlers.
Safe Rendering — .text() / Allowlist
Do this instead
Why it’s good: .text() escapes HTML, so payloads are shown verbatim instead of executing. Optionally, a tiny sanitizer can allow basic tags but strip scripts.
Paste the same payload (e.g., <img src=x onerror="alert(1)">) below.
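
An added example, not code from this page: one way to write the "tiny sanitizer" mentioned above, by escaping everything and then restoring only bare, attribute-free tags. The function names, the tag allowlist and the #out element are assumptions.

```javascript
// Added example. ALLOWED_TAGS and both function names are hypothetical,
// chosen for illustration; they are not part of jQuery or of this page.

// Attribute-free formatting tags that may survive sanitizing (constructed list).
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'code'];

// String model of what .text() achieves: HTML metacharacters become
// entities, so the HTML parser only ever sees text.
function escapeHtml(input) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Escape everything first, then restore only bare allowlisted tags.
// A tag carrying any attribute (onclick, src, style, ...) never matches
// the pattern, so it stays escaped and is displayed as text.
function allowBasicTags(input) {
  const bare = new RegExp('&lt;(/?)(' + ALLOWED_TAGS.join('|') + ')&gt;', 'gi');
  return escapeHtml(input).replace(
    bare,
    (_match, slash, tag) => '<' + slash + tag.toLowerCase() + '>'
  );
}

// Browser usage with jQuery (hypothetical #out element):
//   $('#out').text(userInput);                  // plain text only
//   $('#out').html(allowBasicTags(userInput));  // basic formatting allowed
```

Because the allowlist pass runs on already-escaped text, anything it does not explicitly restore remains inert; unbalanced tags are not repaired and are left for the browser to close.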