Hi,
a) I write JavaScript in an expression (no escape):
"xAxis: {
categories: [" + in_categories + "],
}"
(in_categories = 'birds','fish','mamals')
And I got an "HTML Injection" warning.
b) So I added encodeJavascript,
categories: [" + encodeJavascript(in_categories) + "],
But I got an error in the Chrome browser.
Uncaught SyntaxError: Invalid or unexpected token
xAxis: {
categories:[\x27birds\x27,\x27fish\x27,\x27mamals\]
}
How do I correct it?
See this topic: https://www.outsystems.com/forums/discussion/20696/encodejavascript-causes-javascript-to-not-run-but-then-get-security-warning/
EncodeJavaScript is meant to encode literals, not JavaScript expressions like you have.
Just be sure to encode the values in the list, one by one, if they come from the user. If they are hardcoded, you don't need to worry (I think).
Cheers
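The difference between encoding the whole expression and encoding each value, as an added example that is not part of the original thread. `encodeJsLiteral` is a hypothetical stand-in for the platform's EncodeJavaScript (the exact set of characters it escapes is an assumption), and the helper names and the hostile sample value are constructed for illustration.

```javascript
// Hypothetical stand-in for EncodeJavaScript: every character outside
// [A-Za-z0-9] becomes a \xHH or \uHHHH escape (assumption: the real
// built-in may leave some harmless characters, such as commas, untouched).
function encodeJsLiteral(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 256
      ? "\\x" + code.toString(16).padStart(2, "0")
      : "\\u" + code.toString(16).padStart(4, "0");
  });
}

// Step (b) from the question: the quotes that delimit the strings are
// escaped too, so \x27 ends up outside any string literal.
function buildBroken(expression) {
  return "categories: [" + encodeJsLiteral(expression) + "]";
}

// The advice from the answer: encode each value, add quotes and commas yourself.
function buildCategories(values) {
  const literals = values.map((v) => "'" + encodeJsLiteral(v) + "'");
  return "categories: [" + literals.join(",") + "]";
}

// Parse the generated source as an object literal.
// Returns the categories array, or null if the browser would raise SyntaxError.
function evaluate(source) {
  try {
    return new Function("return ({" + source + "}).categories;")();
  } catch (e) {
    if (e instanceof SyntaxError) return null;
    throw e;
  }
}

// Constructed sample input: the second value tries to close the array
// and add a property of its own.
const sampleValues = ["birds", "x'], injected: ['y"];

console.log(buildBroken("'birds','fish','mamals'"));   // invalid JavaScript
console.log(evaluate(buildBroken("'birds','fish','mamals'")));
console.log(buildCategories(sampleValues));            // valid, value stays data
console.log(evaluate(buildCategories(sampleValues)));
```

With per-value encoding the hostile value comes back as a single string element, so it never changes the structure of the generated object.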
Hi Eduardo Jauch,
Thank you very much.