What is the best way to escape HTML on ExtJS application generally?

前端 未结 3 1526
执念已碎
执念已碎 2021-02-13 22:33

I am developing a web application using ExtJS to build GUI and communicate with server via RESTful web-service (the returned data is formatted as JSON objects).
Now I am hav

3条回答
  •  慢半拍i
    慢半拍i (楼主)
    2021-02-13 22:44

    Everything depends on your use case, but what I do is - escape all HTML code on server side, so that there are no 'forgotten' places by mistake. That of course creates problems, when these data need to be loaded in form fields, because they are escaped. The easiest solution is to override setValue for all form fields and use Extjs htmlDecode function, which will revert these values back to normal.

    Ext.override(Ext.form.field.Base, {
        setValue: function(val) {
            val = Ext.util.Format.htmlDecode(val);
            return this.callParent([val]);
        }
    });
    

提交回复
热议问题