model.escape

escapemodel.escape(attribute)
Similar to get, but returns the HTML-escaped version of a model's attribute. If you're interpolating data from the model into HTML, using escape to retrieve attributes will prevent XSS attacks.

var hacker = new Backbone.Model({
  name: "<script>alert('xss')</script>"
});

alert(hacker.escape('name'));

Links:

http://backbonejs.org/index#Model-escape

doc_Backbone

2025-01-10 15:47:30

Comments

Popular Articles

escape escape(str) Instance Public methods

_.escape _.escape([string='']) source npm package Converts the characters "&", "<", ">", '"', and "'" in string to their corresponding HTML entiti

escape escape(str) Class Public methods Alias for: shellescape

escape escape(*arg) Instance Public methods Synopsis URI.escape(str [, unsafe]) Args str String to replaces in. unsafe Regexp that match

Escaper implements Phalcon\EscaperInterface Source on GitHub Escapes different kinds of text securing them. By using this component you may prevent XSS attac