Tag: xss

Escape strings for use in JavaScript

Parameters taken from the URL should always be sanitized before you use them in your JavaScript.

Using jQuery you can easily do:

    var safeString = $("<span></span>").text(unsafeString).html();

Using plain JavaScript:

    var entityMap = { "&": "&amp;", "<": "&lt;", ">": "&gt;",
