[dancer-users] JSON serializer

Shlomi Fish shlomif at shlomifish.org
Mon Oct 5 12:55:11 BST 2015


Hi Mike,

see below for my response.

On Mon, 5 Oct 2015 06:22:11 +0000 (UTC)
Mike Cu <mike_cu80 at yahoo.com> wrote:

> I have an Ajax call like :
> $( "#City" ).selectmenu({
>                          select: function( event, ui ) {
>                          $.ajax({     url: '/cities',
>                          type: "POST",
>                          data: {'City':$("#City"
> ).val()}}).success(function(data){ $("#display").html(data);});
>                      },
> 
> 
>   });

Your indentation in this excerpt of JavaScript code is bad. Please fix it, see:

https://en.wikipedia.org/wiki/Indent_style

> does the default JSON serializer escape the data to prevent XSS, or should I
> escape it manually? 

The JSON serialiser should in general pass the text passed to it as is. As a
result, you should make sure to explicitly escape it somewhere else (e.g. when
passing the data to the .html( ... ) call).

And it's good that you make use of jQuery.

	-- Shlomi

-- 
-----------------------------------------------------------------
Shlomi Fish       http://www.shlomifish.org/
My Favourite FOSS - http://www.shlomifish.org/open-source/favourite/

Chuck Norris is the greatest man in history. He killed all the great men who
could ever pose a competition.
    — http://www.shlomifish.org/humour/bits/facts/Chuck-Norris/

Please reply to list if it's a mailing list post - http://shlom.in/reply .
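As an added illustration of the point made above (example code, not from the thread or from Dancer itself): a JSON serializer leaves HTML metacharacters in the string untouched, so the escaping has to happen where the string is turned into markup. The `escapeHtml`, `renderUnsafe` and `renderSafe` helpers and the sample payload are constructed here and stand in for the `$("#display").html(data)` call; it runs in Node without jQuery.

```javascript
// Constructed stand-in for the body Dancer's JSON serializer would return
// for /cities: the value is emitted exactly as it was stored.
const serverResponse = JSON.stringify({ city: '<img src=x onerror="alert(1)">' });

// Client side, after JSON.parse: the markup is still intact, nothing was escaped.
function parseCity(body) {
  return JSON.parse(body).city;
}

// Minimal HTML escaping for text that is placed into element content or a
// double-quoted attribute (the five characters that matter in that context).
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Equivalent of $("#display").html(data): the server string becomes live HTML,
// so any markup in it is executed by the browser.
function renderUnsafe(city) {
  return `<div id="display">${city}</div>`;
}

// Escape first, then interpolate; in jQuery the same effect is obtained by
// using $("#display").text(data) instead of .html(data).
function renderSafe(city) {
  return `<div id="display">${escapeHtml(city)}</div>`;
}

// True when the rendered markup still contains a tag from the payload,
// i.e. the data was inserted without escaping.
function containsRawTag(html) {
  return /<img\b/.test(html);
}

const city = parseCity(serverResponse);
console.log('unsafe:', renderUnsafe(city), containsRawTag(renderUnsafe(city)));
console.log('safe:  ', renderSafe(city), containsRawTag(renderSafe(city)));
```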
