Merge pull request #14028 from uberllama/json_escape_comments
Amended json_escape comments
This commit is contained in:
commit
de9313ce7c
@ -85,6 +85,11 @@ def html_escape_once(s)
|
||||
# automatically flag the result as HTML safe, since the raw value is unsafe to
|
||||
# use inside HTML attributes.
|
||||
#
|
||||
# If your JSON is being used downstream for insertion into the DOM, be aware of
|
||||
# whether or not it is being inserted via +html()+. Most JQuery plugins do this.
|
||||
# If that is the case, be sure to +html_escape+ or +sanitize+ any user-generated
|
||||
# content returned by your JSON.
|
||||
#
|
||||
# If you need to output JSON elsewhere in your HTML, you can just do something
|
||||
# like this, as any unsafe characters (including quotation marks) will be
|
||||
# automatically escaped for you:
|
||||
|
Loading…
Reference in New Issue
Block a user