去掉通过 innerHTML 获取的内容中的标签:
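<body>
  <div id="d1"><p id="p1">hello world </p></div>

  <script>
    // Demo: show the raw markup of #d1, then the same content without tags.
    var content = document.getElementById("d1");

    // innerHTML is the serialized markup, tags included.
    alert(content.innerHTML);

    // textContent is the node's text with all markup left out; the browser's
    // own parser decides what counts as a tag. It replaces the earlier
    // innerHTML.replace(/<.+?>/gim, '') for three reasons:
    //   - "." does not match line breaks, so a tag split across lines survives;
    //   - a ">" inside an attribute value ends the match early and leaves the
    //     rest of the tag behind;
    //   - entities such as &lt; stay encoded in the result.
    // For this page both forms give "hello world ".
    // NOTE(review): regex tag stripping is for display only. It is not an HTML
    // sanitizer, and its output must not be assigned back to innerHTML.
    alert(content.textContent);
  </script>
</body>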