jQuery Ajax防止XSS

Question

I receive information from server (user_agent string) by getJSON and insert it into the table. But I think that the code below is not safe because somebody can change user_agent variable to inject a string with related consequences.

In code below the value is the server's returned string.

$.each(this, function(){
    var new_row="";
    var columns="";
    $.each(this, function(key,value) {
        columns+="<td>"+value+"</td>";
    });
    new_row+='<div id="whoer_rows" style="display:none"><table border="1"><tr>'+columns+'</tr></table></div>';
});

I tried to use jquery's method text() like:

columns+=$("<td></td>").text(value);

But I can't to adapt new_row to correct jquery syntax

Answer 1

Solve it!

$.each(this, function(){
    var columns="";
    $.each(this, function(key,value) {
        columns+="<td>"+value+"</td>";
    });

    var $tr=$("<tr></tr>").append(columns);
    var $table=$("<table></table>");
    var $div=$("<div></div>");

    $table.append($tr).appendTo($div);
    $div.prependTo("#whoer");
});