Loading ...
Sorry, an error occurred while loading the content.

1227Re: JSON string possible escape character problem

Expand Messages
  • Douglas Crockford
    Mar 23, 2009
    • 0 Attachment
      --- In json@yahoogroups.com, "violinssoundcool" <violinssoundcool@...> wrote:
      >
      > Hi. I'm using JSON with JQGrid in an inquiry program. I'm building a JSON string with the server-side program, and the string contains an HTML hyperlink tag. Thus, the string should look something like this:
      >
      > {"rows":[
      > {"divisionNumber":"4","divisionName":"<a href=\"inv0004?productGroup=\"WFB\"&division=\"4\">MONTGOMERY - NEW STEEL</a>","onHandWeight":"336660.28","percentOfTotal":"3.74","perLbCost":".45","avgMonthlyWeight":"223615","monthsSupply":"3.37","turnoverRate":"4.69"}]}
      >
      > This string works enough. The link show up, but when I click on it, it takes me to a URL of "inv0004?productGroup=". Is there another character that needs to be escaped?


      The string appears to be properly escaped from JSON's perspective. Your problem lies elsewhere.

      I think it is extremely unwise to pass strings received from the network into innerHTML. That pattern is insecure.
    • Show all 7 messages in this topic