
My Monkey Do

A Log of Coding Solutions



Escape strings for use in JavaScript

October 26, 2015 by Webhead

When a value comes from the URL (a query-string parameter, a path segment, the fragment), treat it as attacker-controlled and escape it for the context you insert it into before it reaches the page. Both snippets below produce HTML-escaped text, which is the right form for a value placed into element content (for example through innerHTML or jQuery's .html()). A value written into a JavaScript string literal inside a script block needs JavaScript escaping instead, because HTML entities are not decoded there.

Using jQuery you can easily do:

var safeString = $("<span></span>").text(unsafeString).html();

This works by letting the browser serialize a text node, so it only escapes &, < and >. The result is safe for element content, but not for an attribute value, where " and ' must also be escaped; use the plain JavaScript version below for that.

Using plain javascript:

// The characters that can break out of an HTML context and their entity
// replacements. "/" is included so that a closing tag such as </script>
// cannot be assembled from escaped text.
var entityMap = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "/": "&#x2F;"
};

// Returns the input with every character in entityMap replaced, so the
// result can be placed in element content or in a quoted attribute value.
function escapeHtml(string) {
  return String(string).replace(/[&<>"'\/]/g, function (s) {
    return entityMap[s];
  });
}

The Stack Overflow discussion this is taken from can be found here: http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
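Both snippets above produce HTML-escaped text. As an added example, not code from the original post, the block below places that escapeHtml next to an escaper for a JavaScript string literal and applies each to a query-string parameter, so the difference between the two output contexts is visible. The escapeJsString, getParam and greeting functions and the example.test URLs are assumptions made for this illustration; everything else is standard JavaScript (URL and URLSearchParams exist in browsers and in Node.js), so it runs without jQuery.

```javascript
// Added example, not the original post's code: context-specific escaping of
// an untrusted URL parameter. Runs stand-alone in Node.js or a browser.

// Same entity map as the post: the characters that can break out of element
// content or a quoted attribute value.
const HTML_ENTITY_MAP = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "/": "&#x2F;"
};

// HTML context: element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ENTITY_MAP[ch]);
}

// JavaScript string-literal context, e.g. a value written into
//   var name = "...";
// inside a <script> block. HTML entities are of no use here because the
// browser does not decode them inside <script>. Every character that is not
// an ASCII letter or digit is emitted as a \uXXXX escape, so the value can
// neither terminate the literal (quote, newline, U+2028/U+2029) nor contain
// the sequence </script> that would end the script block early. The regex
// deliberately has no "u" flag: astral characters become two surrogate
// escapes, which the JavaScript parser reassembles into the original character.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Read a parameter from a URL, as the post describes; a missing parameter
// yields the empty string. (Hypothetical helper for this example.)
function getParam(url, name) {
  const v = new URL(url).searchParams.get(name);
  return v === null ? "" : v;
}

// Markup destined for innerHTML / jQuery .html(): HTML-escape the value.
function greetingHtml(url) {
  return "<p>Hello, " + escapeHtml(getParam(url, "name")) + "</p>";
}

// A script block that stores the value in a JavaScript variable:
// JavaScript-escape the value. HTML escaping alone would not stop a
// payload such as ";alert(1)// from closing the literal, because neither
// ; nor ( nor ) is touched by it.
function greetingScript(url) {
  return '<script>var name = "' + escapeJsString(getParam(url, "name")) + '";</script>';
}

// Constructed sample inputs for a stand-alone run (not taken from the post).
const SAMPLE_HTML_PAYLOAD = "https://example.test/page?name=<img src=x onerror=alert(1)>";
const SAMPLE_JS_PAYLOAD = 'https://example.test/page?name=";alert(1)//';

console.log(greetingHtml(SAMPLE_HTML_PAYLOAD));
console.log(greetingScript(SAMPLE_JS_PAYLOAD));
```

Running the block prints the two escaped snippets. The point to take from it is that the escaper is chosen by output context, not by where the input came from: HTML entities protect innerHTML but do nothing inside a script block, and the \uXXXX form protects a string literal but is not meaningful in HTML content. If a value passes through both contexts (a server-rendered attribute that a script later reads), it has to be escaped once for each, in the order the browser decodes them.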


Filed Under: Coding Tagged With: javascript, jquery, xss
