Regex to match html tags excluding some

I want remove all html opening/closing tags (including attributes) that are not present in my list

const allowedTags = ['a', 'b', 'i', 's', 'u', 'sup', 'sub', 'strong', 'cite', 'code', 'del', 'em'];

Example

input

<b><i><img src="http://example.com"/>Test<strong>Passed</strong><span>without any errors</span><a href="http://example.com">click here</a></b></i>

output

<b><i>Test<strong>Passed</strong>without any errors<a href="http://example.com">click here</a></b></i>

I tried this

let regex = new RegExp(`<\/?(?!${allowedTags.join('|')})[^>]*>`, 'g')
str.replace(regex, '')

What I wanted to achieve

• < starts with <
• \/? may or not contain the /
• (?!${allowedTags.join('|')}) none of those tags (new to Negative Lookahead)
• [^>]* anything not a > (to get the attributes)
• > ends with >

As discussed in the comments before, don't try to do that with a regular expression. You'll lead to problems and severe security holes.

Seems that sanitize-html or DOMPurify will be the best option for your case.

If your backend is running on another techno, such as PHP, then don't forget that you should also sanitize server-side with a lib like Symfony's HTML sanitizer, as spoofing an HTTP Post request is very easy to do.

The JavaScript sanitizing on the front side should also be done to protect the user from a copy-paste of evil HTML.