I've been using Microsoft's AntiXss Library and was wondering if there is a good reason why its JavaScriptEncode
method wraps the result in single quotes? That behavior seems unconventional.
Actually the new 3.0 beta version has a flag: JavaScriptEncode(string input, bool flagforQuote). Setting it to false yields a result without quotes.
http://www.microsoft.com/downloads/details.aspx?familyid=051EE83C-5CCF-48ED-8463-02F56A6BFC09&displaylang=en
Probably to make sure it is returning a string. The usage I've seen is to take input and return a value that you can assign to a variable in JavaScript.
var message=<%=AntiXss.JavaScriptEncode(message)%>;
Now, no matter what was in message, the JS variable message will have the exact input, escaped appropriately, so if some jerk tried to inject JavaScript into that message, they'd just see the result of their message being assigned to the message variable.
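An added example (not AntiXss's own code) of why the quote wrapping matters: a whitelist JavaScript string encoder in the same spirit, with a quote-wrapping flag, plus a round-trip check of the `var message=...;` assignment from the answer. The whitelist and the `\xHH`/`\uHHHH` escape format are my assumptions, not AntiXss's exact rules.

```javascript
// Whitelist encoder for a JavaScript string-literal context (assumed rules,
// not AntiXss's exact table). Every UTF-16 code unit outside the whitelist is
// hex-escaped, so the output can never close the quote, start a comment, or
// contain "</script>"; wrapInQuotes mirrors the flag discussed above.
function javaScriptEncode(input, wrapInQuotes = true) {
  let out = "";
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    const code = input.charCodeAt(i);
    if (/^[A-Za-z0-9 ,.\-_]$/.test(ch)) {
      out += ch;
    } else if (code < 0x100) {
      out += "\\x" + code.toString(16).padStart(2, "0");
    } else {
      // Includes lone surrogate halves and U+2028/U+2029 line terminators.
      out += "\\u" + code.toString(16).padStart(4, "0");
    }
  }
  return wrapInQuotes ? "'" + out + "'" : out;
}

// The server-side template line from the answer, rendered with the encoder.
function renderAssignment(varName, value) {
  return "var " + varName + "=" + javaScriptEncode(value) + ";";
}

// Simulates what the browser does with the emitted script block: execute it
// and read the variable back. new Function is used only for this simulation.
function roundTrip(value) {
  const snippet = renderAssignment("message", value);
  return new Function(snippet + " return message;")();
}

// Constructed sample: a string-literal break-out attempt of the kind the
// answer describes; after encoding it is just data in the variable.
const SAMPLE = "hello'; evil(); //";
console.log(renderAssignment("message", SAMPLE));
console.log(roundTrip(SAMPLE) === SAMPLE); // true
```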