I have an MVC application that is rendering the following javascript on the client:
var rawData = [{"ID":5317,"Code":"12345","Description":"sometext \u003c/= 100"}];
The JSON data is a result of serializing an object using the JavaScriptSerializer and then running the result through the Html.Raw() helper.
This data is then used to load a knockout view model and display a popup on hover. In the popup, only the "sometext" portion of the "Description" property is being shown as the string gets converted to the unencoded version when setting the rawData variable (i.e. \u003c is converted to <).
Also, this data ends up being sent back to the server upon saving of data, and the ASP.NET validation kicks in and fails the request as it detects the "
I've worked around this, temporarily, by adding a computed property to my Knockout View Model like so:
// Backing observable holds the HTML-escaped text; Description wraps it
self.DescriptionEncoded = ko.observable('');
self.Description = ko.computed({
    read: function () {
        return self.DescriptionEncoded();
    },
    write: function (value) {
        // Escape by round-tripping through a detached element's text node
        self.DescriptionEncoded($('<div/>').text(value).html());
    }
});
In this way I can access the escaped property from my popup and the unescaped value is not sent back to the server when I serialize my viewmodel (using .toJSON()).
Is there a more global way to handle this rather than creating computed properties for every object that may have some text that appears to be a bad request, while not compromising on security? I've considered an overload/helper for the serialization routine that would accept a list of properties to apply a Find/Replace to. I am thinking this will have to be handled on a case by case basis in a manner similar to what I've already done. As for sending the data back to the server, I could override the toJSON() method on my view model and delete the properties that don't need to be sent back, but that won't help me with my popup.
Thoughts?
You can encode using Ajax.JavaScriptStringEncode. You might also get the AntiXSS library and use it for the encoding.
I hope I understood your question well.
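As an added example (not code from the question or the answer above), the block below reproduces the decoding step the question describes and shows a reusable escaping helper that does not depend on jQuery. The sample literal is constructed to match the `rawData` line the question shows. `JSON.parse` decodes `\u003c` to `<` exactly as the browser's JavaScript parser does when it reads the inline literal, so the in-memory `Description` really does contain a raw `<`; anything that later inserts that string as markup will treat `</= 100` as a tag, which is why escaping for display (or using a text binding that sets `textContent`) is required. The helper names `parseRawData`, `escapeHtml` and `forDisplay` are this example's own and are not part of Knockout, jQuery or ASP.NET.

```javascript
// Constructed sample: the literal the question shows being emitted by
// JavaScriptSerializer + Html.Raw(). The "\\u003c" here is the six-character
// escape sequence, just as it appears in the rendered script tag.
const RAW_LITERAL =
  '[{"ID":5317,"Code":"12345","Description":"sometext \\u003c/= 100"}]';

// JSON.parse, like the JS parser reading an inline literal, turns \u003c into "<".
function parseRawData(literal) {
  return JSON.parse(literal);
}

// Escape the characters that are significant in HTML text and attribute values.
// $('<div/>').text(v).html() escapes only & < > (text-node serialization);
// this helper also escapes quotes so the output is safe inside attributes too.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;'
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build a display-only copy of a record with the listed properties escaped.
// The original record is left untouched so it can still be sent back to the
// server exactly as received, without the escaped form leaking into the save.
function forDisplay(record, props) {
  const out = Object.assign({}, record);
  for (const p of props) {
    if (Object.prototype.hasOwnProperty.call(out, p)) {
      out[p] = escapeHtml(out[p]);
    }
  }
  return out;
}

// Stand-alone run: decode the literal, then escape Description for the popup.
const rows = parseRawData(RAW_LITERAL);
const popupRow = forDisplay(rows[0], ['Description']);
console.log(rows[0].Description);   // raw value as the JS parser sees it
console.log(popupRow.Description);  // escaped value safe to insert as markup
```

`forDisplay` is the "list of properties to apply a Find/Replace to" idea from the question, applied at the point where data is handed to the view rather than inside the serializer, so the server-side encoding choice (for instance `Ajax.JavaScriptStringEncode`) can stay concerned only with making the inline script literal safe.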