Most MVC frameworks support escaping of server data, before putting them on the web page. I couldn’t find any option in jQuery’s ajax method to do the same. In fact, I couldn’t even find a native jQuery function to escape strings for proper display on the page (Putting the contents in a div, and calling .html() on it, is not guaranteed to preserve white space). Why is it that this function is not available in jQuery, but you can find it in underscore and prototype libraries?
I think you mean you want to prevent HTML markup (e.g. <br/>, <a>, &) from being treated as HTML markup: you just want to display it straight to the user. This helps to prevent attacks like XSS (cross-site scripting).

This is actually very easy with jQuery, but it isn’t the same as escaping. It’s just using the text method, which means the content is treated as textual content, not as markup.

It is different working client-side to server-side. Working server-side, you are dealing with markup, which needs to be escaped to stop the parser treating content that should be text as markup. On the client-side, the markup is already parsed, so all you need is to tell the browser “this is text content”. This can be done in a variety of ways (innerText, document.createTextNode, or even document.createCDATASection); jQuery’s data method does this for you.
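The distinction drawn in the answer above, as an added example that is not part of the original question or answer: data placed into an existing DOM node is set as text, while data concatenated into a markup string that will be parsed later is escaped first. The names escapeHtml, setAsText and SAMPLE are assumptions made for illustration, and the sample string is constructed.

```javascript
// Added example: escapeHtml, setAsText and SAMPLE are illustrative names.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// For markup strings: use when untrusted data is concatenated into HTML
// that a parser will read later (templates, .html(), innerHTML).
// Only the five significant characters change, so whitespace survives.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// For an existing DOM node: no escaping at all. The string is stored as
// text, so the browser never parses it. jQuery's $(el).text(value) has
// the same effect.
function setAsText(element, value) {
  element.textContent =
    value === null || value === undefined ? '' : String(value);
  return element;
}

// Constructed sample of data returned by an ajax call.
const SAMPLE = '<a href="#">R&D</a>\n  indented \'line\'';

// Browser-only demonstration; skipped where there is no DOM.
if (typeof document !== 'undefined') {
  const viaText = setAsText(document.createElement('pre'), SAMPLE);
  const viaMarkup = document.createElement('pre');
  viaMarkup.innerHTML = escapeHtml(SAMPLE); // acceptable only because it is escaped
  // Compares the visible text produced by the two routes.
  console.log(viaText.textContent === viaMarkup.textContent);
}
```

Escaping a string and then passing it to setAsText (or jQuery's .text()) would display the entities literally, so each route is used on its own.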