What is the best way to escape HTML on ExtJS application generally?

前端 未结 3 1525
执念已碎
执念已碎 2021-02-13 22:33

I am developing a web application using ExtJS to build GUI and communicate with server via RESTful web-service (the returned data is formatted as JSON objects).
Now I am hav

相关标签:
3条回答
  • 2021-02-13 22:44

    Everything depends on your use case, but what I do is - escape all HTML code on server side, so that there are no 'forgotten' places by mistake. That of course creates problems, when these data need to be loaded in form fields, because they are escaped. The easiest solution is to override setValue for all form fields and use Extjs htmlDecode function, which will revert these values back to normal.

    Ext.override(Ext.form.field.Base, {
        setValue: function(val) {
            val = Ext.util.Format.htmlDecode(val);
            return this.callParent([val]);
        }
    });
    
    0 讨论(0)
  • 2021-02-13 22:53

    If you're using Ext.XTemplate, you can escape html in fields like this:

    var tpl = new Ext.XTemplate(
        '<p>My Field: {myField:htmlEncode}</p>'
    );
    
    0 讨论(0)
  • 2021-02-13 23:05

    This link has a excellent answer by jack.slocum : https://www.sencha.com/forum/showthread.php?13913

    grid.on('validateedit', function(e){
       e.value = Ext.util.Format.stripTags(e.value);
    });

    Util method Ext.util.Format.stripTags() removes all the html/script tags.

    0 讨论(0)
提交回复
热议问题