Hi,

a) I write JavaScript in an expression (no escape)?

"xAxis: {

        categories: [" + in_categories + "],

  }"

(in_categories = 'birds','fish','mamals')

And I got an "HTML Injection" warning?


b) So I added encodeJavascript,

"xAxis: {

        categories: [" + encodeJavascript(in_categories) + "],

  }"

But I got an error in the Chrome browser.

Uncaught SyntaxError: Invalid or unexpected token

     xAxis: {

        categories:[\x27birds\x27,\x27fish\x27,\x27mamals\]

     }

How do I correct it?



Solution

Hi, 

See this topic: https://www.outsystems.com/forums/discussion/20696/encodejavascript-causes-javascript-to-not-run-but-then-get-security-warning/

EncodeJavaScript is meant to encode literals, not JavaScript expressions like you have. 

Just be sure to encode the values in the list, one by one, if they come from the user. If they are hardcoded, you don't need to worry (I think).

Cheers 
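
The advice in the answer above (encode each value, then add the quotes and commas yourself), shown as an added example that is not part of the original posts. `encodeJsLiteral` is a hypothetical stand-in for the platform's EncodeJavaScript (its exact escaping rules are an assumption), and the sample values are constructed.

```javascript
// Hypothetical stand-in for a JavaScript-literal encoder (assumption: not the
// platform's own function). Every character outside [A-Za-z0-9] is escaped.
function encodeJsLiteral(value) {
  let out = "";
  for (const unit of String(value).split("")) {
    const code = unit.charCodeAt(0);
    if (/[A-Za-z0-9]/.test(unit)) out += unit;
    else if (code < 0x100) out += "\\x" + code.toString(16).padStart(2, "0");
    else out += "\\u" + code.toString(16).padStart(4, "0");
  }
  return out;
}

// Case (b) from the question: the whole list, quotes included, is encoded.
// The escapes land outside any string literal, where \x27 is not valid syntax.
function buildWholeEncoded(listSource) {
  return "categories: [" + encodeJsLiteral(listSource) + "]";
}

// The answer's approach: encode each value, then add quotes and commas in
// code, so user data can only ever be the contents of a string literal.
function buildCategories(values) {
  const literals = values.map((v) => "'" + encodeJsLiteral(v) + "'");
  return "categories: [" + literals.join(",") + "]";
}

// Parse the fragment as the body of an object literal; return the categories
// array, or the error name if the generated script is not valid JavaScript.
function evaluate(fragment) {
  try {
    return new Function("return ({" + fragment + "});")().categories;
  } catch (e) {
    return e.name;
  }
}

// Constructed sample values; the last one holds a quote and a script-closing tag.
const sample = ["birds", "fish", "O'Brien</script>"];
console.log(buildWholeEncoded("'birds','fish','mamals'"));
console.log(evaluate(buildWholeEncoded("'birds','fish','mamals'")));
console.log(buildCategories(sample));
console.log(evaluate(buildCategories(sample)));
```

The per-value build stays valid JavaScript for any input, and the quote and `</script>` in the last value reach the page only as escapes inside a string literal.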

Solution

Hi Eduardo Jauch,

Thank you very much.