
jQuery ajax prevent XSS

I receive information from the server (a user_agent string) via getJSON and insert it into a table. But I think the code below is not safe, because somebody can change the user_agent variable to inject a string, with the related consequences.

In the code below, value is the string returned by the server.

$.each(this, function(){
    var new_row="";
    var columns="";
    $.each(this, function(key,value) {
        columns+="<td>"+value+"</td>";
    });
    new_row+='<div id="whoer_rows" style="display:none"><table border="1"><tr>'+columns+'</tr></table></div>';
});

I tried to use jQuery's text() method, like:

columns+=$("<td></td>").text(value);

But I can't adapt new_row to the correct jQuery syntax.

Solved it!

$.each(this, function(){
    var columns="";
    $.each(this, function(key,value) {
        columns+="<td>"+value+"</td>";
    });

    var $tr=$("<tr></tr>").append(columns);
    var $table=$("<table></table>");
    var $div=$("<div></div>");

    $table.append($tr).appendTo($div);
    $div.prependTo("#whoer");
});
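
Concatenating `value` into `"<td>"+value+"</td>"` lets any markup in it be parsed as HTML once the string is appended, and `columns+=$("<td></td>").text(value)` fails because it adds a jQuery object to a string. The following is an added example, not code from the original post, showing two ways to render each value as text only; `escapeHtml`, `buildRowHtml`, `buildRowNode` and the sample record are hypothetical names and constructed data.

```javascript
// Added example: render one record from the JSON response without letting
// its values be parsed as HTML. Sample data below is constructed.

// Escape the five characters that matter in HTML text and quoted attributes.
function escapeHtml(value) {
  var map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// String-building variant: keeps the question's concatenation style,
// but every value is escaped before it reaches the markup.
function buildRowHtml(record) {
  var columns = "";
  Object.keys(record).forEach(function (key) {
    columns += "<td>" + escapeHtml(record[key]) + "</td>";
  });
  return '<div><table border="1"><tr>' + columns + "</tr></table></div>";
}

// jQuery variant (browser): build nodes and set each value with .text(),
// which creates a text node and never invokes the HTML parser.
// `$` is passed in so this file also loads where jQuery is absent.
function buildRowNode($, record) {
  var $tr = $("<tr></tr>");
  $.each(record, function (key, value) {
    $("<td></td>").text(value).appendTo($tr); // append the node, not a string
  });
  return $("<div></div>").append($("<table border='1'></table>").append($tr));
}

// Constructed record standing in for one item of the getJSON response.
var sampleRecord = {
  ip: "203.0.113.7",
  user_agent: 'Mozilla/5.0 <script>alert(1)</script> "x" & \'y\''
};

function demo() {
  return buildRowHtml(sampleRecord);
}

if (typeof jQuery !== "undefined") {
  // In a page with jQuery and the question's #whoer container:
  buildRowNode(jQuery, sampleRecord).prependTo("#whoer");
} else {
  console.log(demo());
}
```
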
