...r thing; HTML <div id="mydiv" data-myval="JohnCena"></div> Script $('#mydiv').attr('data-myval', 'Undertaker'); // sets $('#mydiv').attr('data-myval'); // gets OR $('#mydiv').data('myval'); // gets value $('#mydiv').data('myval','John Cena'); // sets value ...

... when writing strings that haven't been encoded to HTML output (because of XSS). In other contexts different sub-strings are dangerous, for example, if you write an user-provided URL into a link, the sub-string "javascript:" may be dangerous. The single quote character on the other hand is dangerous...

...ith() on a single element. Note that this is just a proof of concept. <script> // This simulates the object to handle var staticObj = [ { ID: '1', Name: 'Foo' }, { ID: '2', Name: 'Foo' }, { ID: '3', Name: 'Foo' } ]; staticObj[1].children = [ { I...

...ilter input, escape output (cookie, session data are your input too) Avoid XSS (keep your HTML well formed, take a look at PHPTAL or HTMLPurifier) Defense in depth Do not expose data There is a tiny but good book on this topic: Essential PHP Security by Chris Shiflett. Essential PHP Security http...

...tton-label">{{ button.label }}</div> <div class="bb-button-description">{{ button.description }}</div> </div> Note the value of ng-click. The parameter passed to goTo() is a string from a property of the binding object (the button), but it is not wrapped in quotes. L...

...ation as a Single Page Application (SPA) and you need your client-side JavaScript to be able to pull in additional data without fully reloading the page. or B) You are building an API that third parties will be consuming and you have decided to use JSON to serialize your data. Or, possibly, you a...

I have this script: 10 Answers 10 ...

... a version which is less restrictive http://regexr.com/3e6m0. Example JavaScript implementation: var expression = /[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)?/gi; var regex = new RegExp(expression); var t = 'www.google.com'; if (t.match(regex)) ...

...nse, use JSON.parse. In the OP's case, the response isn't even JSON or JavaScript, so your eval is just going to cause a SyntaxError. – Mark Amery Mar 27 '14 at 15:30 1 ...

I am trying to use an HTML button to call a JavaScript function. 10 Answers 10 ...