[Dojo-interest] tools for escaping HTML in data
billhigg at gmail.com
Mon Feb 26 11:25:01 MST 2007
A pattern we've noticed on my project is that sometimes we get data back
from the server, and this gets woven into the page via innerHTML. This of
course is a problem for data that includes HTML, especially <script> tags.
My first reaction is that our code can simply do replacements on the angle
brackets with the corresponding HTML entity character.
I'm wondering if Dojo has any utility functions to handle this case of
'making data safe for embedding in the page'.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dojo-interest