去掉通过 innerHTML 取得的内容中的标签:
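<body>
<div id="d1"><p id="p1">hello world </p></div>
<!--
  Demo: show the serialized markup inside #d1, then the same string with
  every tag removed by a regular expression.
-->
<script>
// Element whose content is displayed.
var content = document.getElementById("d1");

// First alert: the raw markup, tags included.
alert(content.innerHTML);

// Second alert: the markup with tags removed.
// [^>]* also matches line breaks, so a tag whose attributes wrap onto a
// second line is removed as well; the earlier ".+?" form stops at a line
// break and leaves such a tag in place. The "i" and "m" flags had no effect
// on that pattern (no letters, no ^ or $), so only "g" is kept.
//
// NOTE(review): this is a display convenience, not an HTML sanitizer.
// Character references such as &lt; stay encoded in the result, and a ">"
// inside an attribute value ends the match early. Do not assign the result
// back to innerHTML when the markup comes from an untrusted source; read
// content.textContent when plain text is what is needed.
alert(content.innerHTML.replace(/<[^>]*>/g, ''));
</script>
</body>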