Hi Mike, see below for my response.

On Mon, 5 Oct 2015 06:22:11 +0000 (UTC) Mike Cu <mike_cu80@yahoo.com> wrote:
> I have an Ajax call like:
>
> $( "#City" ).selectmenu({
>     select: function( event, ui ) {
>         $.ajax({
>             url: '/cities',
>             type: "POST",
>             data: {'City': $( "#City" ).val()}
>         }).success(function(data) {
>             $("#display").html(data);
>         });
>     },
> });
Your indentation in this excerpt of JavaScript code is bad. Please fix it, see: https://en.wikipedia.org/wiki/Indent_style
> Does the default JSON serializer escape the data to prevent XSS, or should I escape it manually?
The JSON serialiser should in general pass the text passed to it as is. As a result, you should make sure to explicitly escape it somewhere else (e.g. when passing the data to the .html( ... ) call). And it's good that you make use of jQuery.

-- Shlomi

--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
My Favourite FOSS - http://www.shlomifish.org/open-source/favourite/

Chuck Norris is the greatest man in history. He killed all the great men who could ever pose a competition.
— http://www.shlomifish.org/humour/bits/facts/Chuck-Norris/

Please reply to list if it's a mailing list post - http://shlom.in/reply .
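
Added example, not part of the original message: a Node-runnable sketch of the point made in the reply, showing that a JSON round trip leaves markup intact and that escaping has to happen before the value reaches .html(). The helper names (roundTrip, escapeHtml, renderUnsafe, renderSafe) and the sample city value are assumptions constructed for illustration.

```javascript
// Added example (not from the original thread). Runs in Node without a DOM;
// the strings built below are what would be handed to $("#display").html(...).

// Constructed sample: a city value carrying markup, as untrusted input could.
const submitted = { City: 'Paris<img src=x onerror="alert(1)">' };

// JSON serialisation round-trips the text unchanged: quotes are escaped for
// JSON syntax only, and the angle brackets come back as-is after parsing.
function roundTrip(value) {
  return JSON.parse(JSON.stringify(value));
}

// Escape the five characters significant in HTML text and attribute values.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unescaped, as in the question: the value is parsed as markup by .html().
function renderUnsafe(data) {
  return '<p>Selected city: ' + data.City + '</p>';
}

// Escaped at the point of output: the value is displayed as literal text.
function renderSafe(data) {
  return '<p>Selected city: ' + escapeHtml(data.City) + '</p>';
}

const received = roundTrip(submitted);
console.log(renderUnsafe(received));
console.log(renderSafe(received));
// With jQuery, $("#display").text(received.City) also treats it as plain text.
```
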