
jamesjyu: If you haven't seen Backbone.Model's "escape" method yet, it can help sanitize your model attributes, without having to constantly re-escape them at every use.

http://documentcloud.github.com/backbone/#Model-escape




Does rendering attributes using jQuery's text() method[1] properly sanitize the model attributes too?

I ask because I'm making a backbone app and I'm following the same process found in Ben Nolan's mobile app [2] where he does something like

  this.el.find('h1').text("Editing " + (this.model.getName()));

  [1] http://api.jquery.com/text/
  [2] https://github.com/bnolan/Backbone-Mobile/blob/master/application.js


Yes. jQuery's text() method will properly escape HTML fragments.

It's just a bit more verbose and a bit slower than using .escape("attribute") within a template.
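The difference between raw interpolation and an escape()-style accessor inside a template string, as an added example that is not code from the thread or from Backbone itself. `Model`, `escapeHtml`, `renderRaw` and `renderEscaped` are hypothetical stand-ins, and the attribute values are constructed.

```javascript
// Minimal stand-in for a model with get()/escape() accessors (hypothetical).
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;'
};

function escapeHtml(value) {
  // null/undefined render as an empty string rather than "null"/"undefined"
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

class Model {
  constructor(attrs) {
    this.attributes = { ...attrs };
    this.escaped = new Map(); // each attribute is escaped once, then reused
  }
  get(name) {
    return this.attributes[name];
  }
  set(name, value) {
    this.attributes[name] = value;
    this.escaped.delete(name); // a stale escaped copy must not outlive the raw value
  }
  escape(name) {
    if (!this.escaped.has(name)) {
      this.escaped.set(name, escapeHtml(this.get(name)));
    }
    return this.escaped.get(name);
  }
}

// Raw interpolation: markup in the attribute becomes markup in the page.
function renderRaw(model) {
  return '<h1>Editing ' + model.get('name') + '</h1>';
}

// Escaped interpolation: the attribute is rendered as text only.
function renderEscaped(model) {
  return '<h1>Editing ' + model.escape('name') + '</h1>';
}

// Constructed sample attribute containing markup characters
const sample = new Model({ name: 'Tom & <b>Jerry</b>' });
console.log(renderRaw(sample));
console.log(renderEscaped(sample));
```

The entity encoding here covers HTML element content and quoted attribute values; a value placed into a script block or a URL needs encoding for that context instead.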



