[dancer-users] JSON serializer
Shlomi Fish
shlomif at shlomifish.org
Mon Oct 5 12:55:11 BST 2015
Hi Mike,
see below for my response.
On Mon, 5 Oct 2015 06:22:11 +0000 (UTC)
Mike Cu <mike_cu80 at yahoo.com> wrote:
> I have an Ajax call like :
> $( "#City" ).selectmenu({
> select: function( event, ui ) {
> $.ajax({ url: '/cities',
> type: "POST",
> data: {'City':$("#City"
> ).val()}}).success(function(data){ $("#display").html(data);});
> },
>
>
> });
Your indentation in this excerpt of JavaScript code is bad. Please fix it, see:
https://en.wikipedia.org/wiki/Indent_style
> does the default JSON serializer escape the data to prevent XSS, or should I
> escape it manually?
The JSON serialiser should in general pass the text passed to it as is. As a
result, you should make sure to explicitly escape it somewhere else (e.g: when
passing the data to the .html ( ... ) call).
And it's good that you make use of jQuery.
-- Shlomi
--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
My Favourite FOSS - http://www.shlomifish.org/open-source/favourite/
Chuck Norris is the greatest man in history. He killed all the great men who
could ever pose a competition.
— http://www.shlomifish.org/humour/bits/facts/Chuck-Norris/
Please reply to list if it's a mailing list post - http://shlom.in/reply .
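Added example, not part of the original message or of Dancer's code: it shows that a JSON encode/decode round trip hands markup back unchanged, and one way to escape values before they are placed in the string given to .html(). The helper names (escapeHtml, jsonRoundTrip, renderCities) and the response shape { cities: [...] } are assumptions made for the illustration.

```javascript
// Added example: helper names and the sample response are constructed.

// Escape the five characters that are significant in HTML text and in
// quoted attribute values. '&' must be in the same pass as the others so
// already-produced entities are not escaped twice.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// What a JSON serializer does to a string as seen by the client:
// encode on the server, decode in the browser. No HTML escaping happens.
function jsonRoundTrip(value) {
  return JSON.parse(JSON.stringify(value));
}

// Build the fragment destined for $("#display").html(...). Every value
// taken from the response is escaped at the point where it enters markup.
function renderCities(response) {
  const items = response.cities.map((city) => '<li>' + escapeHtml(city) + '</li>');
  return '<ul>' + items.join('') + '</ul>';
}

// Constructed sample response (assumed shape; the thread does not show one).
const sampleResponse = {
  cities: ['Haifa', 'Tel Aviv <b>bold</b>', 'A & B "quoted"'],
};

const decoded = jsonRoundTrip(sampleResponse);
console.log('after JSON round trip:', decoded.cities[1]); // markup still intact
console.log('safe fragment:', renderCities(decoded));
```

For a single plain value, jQuery's .text() sets the content as text rather than markup, so no manual escaping is needed in that case.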