[Dojo-interest] tools for escaping HTML in data
Bill Higgins
billhigg at gmail.com
Mon Feb 26 11:25:01 MST 2007
A pattern we've noticed on my project is that sometimes we get data back
from the server, and this gets woven into the page via innerHTML. This of
course is a problem for data that includes HTML, especially <script> tags.
My first reaction is that our code can simply do replacements on the angle
brackets with the corresponding HTML entity character.
I'm wondering if Dojo has any utility functions to handle this case of
'making data safe for embedding in the page'.
--
- Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dojotoolkit.org/pipermail/dojo-interest/attachments/20070226/0bb915a7/attachment.html
More information about the Dojo-interest
mailing list