<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div dir="ltr" id="yui_3_16_0_1_1444025894205_2521">I have an Ajax call like:</div><div id="yui_3_16_0_1_1444025894205_2626" dir="ltr"><br></div><div id="yui_3_16_0_1_1444025894205_2588" dir="ltr">$( "#City" ).selectmenu({<br class="" id="yui_3_16_0_1_1444025894205_2559">
select: function( event, ui ) {<br class="" id="yui_3_16_0_1_1444025894205_2561">
$.ajax({ url: '/cities',<br class="" id="yui_3_16_0_1_1444025894205_2563">
type: "POST",<br class="" id="yui_3_16_0_1_1444025894205_2565">
data: {'City':$("#City" ).val()}}).success(function(<wbr class="" id="yui_3_16_0_1_1444025894205_2567">data){<br class="" id="yui_3_16_0_1_1444025894205_2569">
$("#display").html(data);});<br class="" id="yui_3_16_0_1_1444025894205_2571">
},<br class="" id="yui_3_16_0_1_1444025894205_2573">
<br class="" id="yui_3_16_0_1_1444025894205_2575">
<br class="" id="yui_3_16_0_1_1444025894205_2577">
});</div><div id="yui_3_16_0_1_1444025894205_2625" dir="ltr"><br></div><div id="yui_3_16_0_1_1444025894205_2623" dir="ltr">Does the default JSON serializer escape the data to prevent XSS, or should I escape it manually?<br></div></div></body></html>