Stop – Rory McCrossan Feb 23 '16 at 13:53

  • @RoryMcCrossan in PHP there is the function [htmlspecialchars()](http://php.net/manual/ru/function.htmlspecialchars.php). Is it possible in JavaScript? – Nik Feb 23 '16 at 14:03
  • It is, but that's what `text()` does (in effect) and you said that would not fit your needs. – Rory McCrossan Feb 23 '16 at 14:05
  • @RoryMcCrossan we cannot use the function text() because in success there is a function which outputs this and other code with html(). But now the idea is to use an analog of htmlspecialchars() before html(). – Nik Feb 23 '16 at 14:30
  • @RoryMcCrossan for example we can use [this](http://stackoverflow.com/a/4835406/5398808) and then make a function with html() – Nik Feb 23 '16 at 14:32
  • 1 Answer

    1

    Replace in the input the string "script" with "code"... that way it will be output as "text". Something like this maybe...

    $('.edit').editable({
        params: function(params) {
            var data = {};
            data['id']        = params.pk;
            data[params.name] = params.value;
            return data;
        },
        success: function(response, newValue) {
            // gi: perform a global, case-insensitive replacement
            newValue = newValue.replace(/script/gi, "code");
            $(".test").html(newValue);
            // if newValue will be <script>alert('hello')</script>
            // then we see alert message with 'hello'
        }
    });
    

    JavaScript String replace() Method

    DIEGO CARRASCAL
    • 1,999
    • 14
    • 16
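
The `htmlspecialchars()` analog raised in the comments, shown next to the keyword replacement from the answer. This is an added example, not code from the thread; `escapeHtml`, `replaceScriptWord` and `compare` are hypothetical helper names and the sample strings are constructed. It shows that replacing the word "script" leaves other markup intact and alters legitimate text, while escaping the five HTML metacharacters makes the value safe to pass to `html()`.

```javascript
// JavaScript analog of PHP's htmlspecialchars() with ENT_QUOTES behaviour.
// escapeHtml is a hypothetical helper, not part of jQuery or x-editable.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#039;'
};

function escapeHtml(value) {
  // Coerce first so numbers, null and undefined do not throw.
  return String(value == null ? '' : value)
    .replace(/[&<>"']/g, function (ch) { return HTML_ESCAPES[ch]; });
}

// The keyword replacement from the answer, kept for comparison.
function replaceScriptWord(value) {
  return String(value).replace(/script/gi, 'code');
}

// Constructed sample inputs.
const samples = [
  "<script>alert('hello')</script>",
  '<img src="x" onerror="alert(1)">',  // contains no "script" keyword
  'Tom & "Jerry" <3 JavaScript'        // legitimate text
];

function compare(inputs) {
  const looksLikeTag = /<[a-z!\/]/i;   // would still be parsed as markup by .html()
  return inputs.map(function (input) {
    const replaced = replaceScriptWord(input);
    const escaped = escapeHtml(input);
    return {
      input: input,
      replaced: replaced,
      escaped: escaped,
      replacedHasTag: looksLikeTag.test(replaced),
      escapedHasTag: looksLikeTag.test(escaped)
    };
  });
}

compare(samples).forEach(function (row) { console.log(row); });

// In the success callback: $(".test").html(escapeHtml(newValue));
```
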