Jquery – In jQuery, I am returning HTML in a JSON result, what do I have to escape

jqueryjson

In my Ajax request (using jQuery) I am returning a JSON response.

So json.Html will have a string of HTML I want to append inside a div.

On the server side, do I have to escape the HTML at all?

In my MVC action, I am returning:

return Content("{html: ???????}, "application/json");

Best Solution

An alternative solution would be to simply return the HTML and use jQuery's load():

$('#someDiv').load('servershtml.html');

To do it your way though, you would need only to escape double quotes and backslashes.

The specification is very readable and short.

Related Solutions

Javascript – How to get jQuery to perform a synchronous, rather than asynchronous, Ajax request

From the jQuery documentation: you specify the asynchronous option to be false to get a synchronous Ajax request. Then your callback can set some data before your mother function proceeds.

Here's what your code would look like if changed as suggested:

beforecreate: function (node, targetNode, type, to) {
    jQuery.ajax({
        url: 'http://example.com/catalog/create/' + targetNode.id + '?name=' + encode(to.inp[0].value),
        success: function (result) {
            if (result.isOk == false) alert(result.message);
        },
        async: false
    });
}

Json – the correct JSON content type

For JSON text:

application/json

The MIME media type for JSON text is application/json. The default encoding is UTF-8. ^{(Source: RFC 4627)}

For JSONP (runnable JavaScript) with callback:

application/javascript

Here are some blog posts that were mentioned in the relevant comments:

Best Solution

Related Solutions

Javascript – How to get jQuery to perform a synchronous, rather than asynchronous, Ajax request

Json – the correct JSON content type

Related Question