Protecting from JavaScript injection

Topics: Writing modules
Mar 4, 2011 at 4:51 PM


I'm writing a module that writes values that come from the user into JavaScript in the view.

Should I be displaying these with:


Or does Orchard protect me from nasty unicode characters?

Mar 4, 2011 at 4:59 PM

You should definitely do that. That will ensure the string stays a string, even if it contains quotes or other nasties. I think you need to provide the quotes though.

Mar 5, 2011 at 12:19 PM
Edited Mar 5, 2011 at 12:19 PM

Thanks. I'll make sure I do that for all string values to keep everything nice and secure.
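
The encoding discussed in this thread, as an added example that is not part of the original posts and is not Orchard code: a user value is written into an inline script once raw and once encoded, and the emitted script is evaluated to check that the string stays a string. It is written in JavaScript rather than as a view, and `jsStringEncode`, `renderSafe` and the other names are hypothetical; the sample input is constructed.

```javascript
// Escapes with a short form; everything else risky is written as \uXXXX.
const ESCAPES = {
  '\\': '\\\\', '"': '\\"', "'": "\\'",
  '\n': '\\n', '\r': '\\r', '\t': '\\t',
};

// Hypothetical helper: returns the body of a JS string literal WITHOUT the
// surrounding quotes (the view supplies those, as the reply above notes).
function jsStringEncode(value) {
  return String(value).replace(/[\\"'\n\r\t<>&\u0000-\u001f\u2028\u2029]/g, (ch) => {
    if (ESCAPES[ch]) return ESCAPES[ch];
    // <, >, &, control characters and U+2028/U+2029 (line terminators in
    // older engines) become \uXXXX, so the value cannot close the literal
    // or the enclosing <script> block.
    return '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0');
  });
}

// What a view would emit: quotes come from the template, body from the user.
function renderUnsafe(value) { return 'var title = "' + value + '";'; }
function renderSafe(value) { return 'var title = "' + jsStringEncode(value) + '";'; }

// Evaluate the emitted script and return `title`; throws if it does not parse.
function evalTitle(script) { return new Function(script + ' return title;')(); }

// Constructed sample: quotes, a script close tag, U+2028 and a backslash.
const SAMPLE = 'He said "hi"</script>\u2028\\ end';

function demo() {
  let unsafeBroke = false;
  try { evalTitle(renderUnsafe(SAMPLE)); } catch (e) { unsafeBroke = true; }
  const safeScript = renderSafe(SAMPLE);
  return {
    unsafeBroke,                                    // raw value left the literal
    roundTrips: evalTitle(safeScript) === SAMPLE,   // encoded value is one string
    hasCloseTag: safeScript.includes('</script>'),  // "<" was emitted as \u003c
  };
}

console.log(demo());
```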