I have the following app that searches for words that you type separated by one space. You can type each word and press enter and it highlights all your words in a page. The only problem is that is not escaping HTML content so if you type any characters like < > class="" strong bold etc... it saves them to the txt variable and then it starts multiplying HTML every loop for each word in the input. I don't need the bug solved and I have a clue that it has something to do with my term and txt variable. But perhaps you can see something I don't.
var highlightRe = /<span class="highlight">(.*?)<\/span>/g,
highlightHtml = '<span class="highlight">$1</span>';
$(function() {
/////////////////////////when search value changes
$('#search').change(function() {
////////////////////////////grab #search value and split it into array
var str = document.getElementById('search').value;
var res = str.split(" ");
//////////////////replace all html text with
var txt = $('#txt').html().replace(highlightRe,'$1');
///////// x = index of array res (array of key words to search in txt)
var x=0;
//////////////check if each word exists in txt and highlight it
for (x in res) {
var term = res[x];
////////////////////////////if I sanitize term from HTML content here. Then there is no bugs but then I cannot use the letters included inside HTML tags
if(term !== '') {
txt = txt.replace(new RegExp('(' + term + ')', 'gi'), highlightHtml);
.highlight {
background-color: yellow;
As mentioned in comment, use text()
not html()
, on this line:
var txt = $('#txt').text().replace(highlightRe,'$1');