jquery - how to escape html to prevent XSS?

Question

I\'m using laravel, when a user sends a text message, it may contain some malicious code. When I use {{}} it will show me the exact text the user has sent. If h

Answer 1

You should use jQuery text() to encode the data.

$('#mydata').text(data);

EDIT: To create the content of #mydata you can use

$('#mydata')
  .html("")
  .append($("
").text(response.name))
  .append($("
").text(response.description))