{"id":1255,"date":"2015-10-26T11:24:02","date_gmt":"2015-10-26T21:24:02","guid":{"rendered":"http:\/\/mymonkeydo.com\/?p=1255"},"modified":"2015-10-26T11:24:02","modified_gmt":"2015-10-26T21:24:02","slug":"escape-strings-for-use-in-javascript","status":"publish","type":"post","link":"https:\/\/mymonkeydo.com\/escape-strings-for-use-in-javascript\/","title":{"rendered":"Escape strings for use in JavaScript"},"content":{"rendered":"
Parameters taken from the URL should always be sanitized before you use them in your JavaScript.<\/p>\n
Using jQuery you can easily do:<\/p>\n
var safeString = $(\"<span><\/span>\").text(unsafeString).html();<\/p>\n
Using plain JavaScript:<\/p>\n
var entityMap = {\n  \"&\": \"&amp;\",\n  \"<\": \"&lt;\",\n  \">\": \"&gt;\",\n  '\"': '&quot;',\n  \"'\": '&#39;',\n  \"\/\": '&#x2F;'\n};\n\n\/\/ Replace each HTML-significant character with its entity.\nfunction escapeHtml(string) {\n  return String(string).replace(\/[&<>\"'\\\/]\/g, function (s) {\n    return entityMap[s];\n  });\n}\n<\/code>\n<\/pre>\n