I know that I can use $.html to set the HTML content of something, and $.text to set the content (and that this escapes the HTML).

Unfortunately, I'm using $.append, which doesn't escape the HTML.

I've got something like this:

function onTimer() {

$.getJSON(url, function(data) {

$.each(data, function(i, item) {

$('#messages').append(item);

}

}

}

...where the url returns an array of strings. Unfortunately, if one of those strings is (e.g.) alert('Hello'), this gets executed.

How do I get it to escape HTML?

解决方案

Check out how jQuery does it:

text: function( text ) {

if ( typeof text !== "object" && text != null )

return this.empty().append( (this[0] && this[0].ownerDocument || document).createTextNode( text ) );

var ret = "";

jQuery.each( text || this, function(){

jQuery.each( this.childNodes, function(){

if ( this.nodeType != 8 )

ret += this.nodeType != 1 ?

this.nodeValue :

jQuery.fn.text( [ this ] );

});

});

return ret;

},

So something like this should do it:

$('#mydiv').append(

document.createTextNode('Hey There!')

);

EDIT: Regarding your example, it's as simple as:

$('#messages').append(document.createTextNode(item));

Logo
魔乐社区

魔乐社区(Modelers.cn) 是一个中立、公益的人工智能社区,提供人工智能工具、模型、数据的托管、展示与应用协同服务,为人工智能开发及爱好者搭建开放的学习交流平台。社区通过理事会方式运作,由全产业链共同建设、共同运营、共同享有,推动国产AI生态繁荣发展。

更多推荐

cover

替你试过了,消费级显卡可以跑的开源文生图SOTA模型,顶级渲染、高密度文本绘图

avatar 魔乐社区
cover

量化挑战赛冠军专访:4小时啃下W4A8量化,我靠的是这些经验

avatar 魔乐社区
cover

从0到1:魔乐社区贡献者丁一超的大模型量化实战指南

avatar 魔乐社区