prcoder
Reputation: 164
JSON stringify issue with NodeJS and EJS
I am doing this
var o = <%- JSON.stringify(object) %>;
in a code with following output
var o = {"_id":"57bafa202acb57b8ab000013","status":"incomplete","title":"<script>alert(1);</script>","updated_at":"2016-08-22T18:42:00+05:30","id":"57bafa202acb57b8ab000013"};
and the following error.
Uncaught SyntaxError: Invalid or unexpected token
There is a title attribute with a "<script>alert(1);</script>" in the object. How do I deal with this?
Upvotes: 2
Views: 1309
Answers (1)
robertklep
Reputation: 203286
You need to replace the <'s, for instance by using a Unicode escape:
var o = <%- JSON.stringify(object).replace(/</g, '\\u003c') %>;
Upvotes: 2
Related Questions
- Stringifying JSON data loses object I'm trying to stringify
- JSON stringify returns [object Object]
- JSON.stringify does not represent Object which was Stringified
- When I JSON.stringify(object) I get a crazy string as a value
- JSON.stringify missing properties
- JSON.stringify() not working correctly - Second parameter disappears
- Node.js - Body is messed up when using json.stringify
- JSON.stringify fails on a newly created object (node, javascript)
- In nodejs, when use json.stringify() -> error
- JSON.stringify doesn't work in circulative JSON object. What to do?