model.escape

escapemodel.escape(attribute)
Similar to get, but returns the HTML-escaped version of a model's attribute. If you're interpolating data from the model into HTML, using escape to retrieve attributes will prevent XSS attacks.

var hacker = new Backbone.Model({
  name: "<script>alert('xss')</script>"
});

alert(hacker.escape('name'));

Links:

http://backbonejs.org/index#Model-escape

doc_Backbone

2016-04-17 12:21:37

Comments

Popular Articles

_.escape _.escape([string='']) source npm package Converts the characters "&", "<", ">", '"', and "'" in string to their corresponding HTML entiti

escape escape(str) Instance Public methods

escape escape(str) Instance Public methods Escapes HTTP reserved and unwise characters in str

_.escape escape_.escape(string) Escapes a string for insertion into HTML, replacing &, <, >, ", `, and ' characters. _.escape('Curly, Larry &

escape escape(string) Class Public methods Escapes &, â, > and < in string