Reputation: 101
Making safe ajax calls with jQuery
I noticed that certain characters entered in text box and sent through Jquery Ajax request as parms are being mis-interpretted. (at least from my point of view). The "&" creates a new unwanted parm. The "+" disappears entirely.
I want to get value of text box and convert to html entities. Something like this I think:
SafeParm = $("#myDIV").val().html();
Any other recommendations for making for making safe ajax calls with jQuery are welcome.
Upvotes: 3
Views: 1084
Answers (4)
Reputation: 21519
In this case, encodeURIComponent is what you want. There are weird edge cases where escape may not do exactly what you want it to. See: http://xkr.us/articles/javascript/encode-compare/
Upvotes: 2
Reputation: 187040
You have to encode the parameters passed to a request.
See Encoding html using javascript's escape & unescape
You can escape $("#myDIV").val() where myDiv is the id of your textbox.
Upvotes: 0
Reputation: 42350
use want the escape function:
SafeParm = escape($("#myDIV").val().html());
Upvotes: 2
Related Questions
- Security risk in using jQuery Ajax
- AJAX and PHP communication : the safe way
- Best Practice with jQuery and AJAX calls
- Making AJAX calls secure
- howto make secure ajax requests with jquery?
- How to "Secure" AJAX calls?
- JS Code over AJAX with jQuery - is this method safe?
- Question about AJAX safety please inquire
- Security of AJAX requests
- ajax security?