I'll try to explain a little better, then.

I'm trying to make a Quote Database, and trying to make it so
switching between pages uses AJAX, loading them without refreshing. I
grab the Quote objects and serialize them to JSON so jQuery can read
it. Everything works fine, but the quote field which contains the
actual quote does not have HTML characters such as < and > changed
into HTML entities which allows people to use HTML in quotes which I
don't want.
The form for entering quotes is from a ModelForm, which as far as I
can tell, doesn't escape HTML characters when you validate and save
it.

I've come across cgi.encode, which works, but I don't feel it's the
right way to do what I'm doing.

On Jun 16, 5:59 pm, "Richard Dahl" <[EMAIL PROTECTED]> wrote:
> What exactly are you trying to do?  Are you worried about people entering
> html into the form fields and having that saved to the database?  If so,
> Django's ORM escapes this for you when saving to the DB.  You can use
> jQuery's ajax functions to submit the form, and do normal form validation
> with newforms and it will be escaped when saving to the DB.  If there is
> something else you are concerned about or trying to do,  a bit more
> information may result in better responses.
> hth,
> -richard
>
> On 6/16/08, Knifa <[EMAIL PROTECTED]> wrote:
>
>
>
> > Err, never mind that actually. It didn't seem to work.
>
> > By escaping I mean like turning < into &gt; and > into &lt; etc like
> > the "escape" filter does.
>
> > On Jun 16, 5:22 pm, Knifa <[EMAIL PROTECTED]> wrote:
> > > Oh damn, I should have probably looked around a bit more, heh. I'm not
> > > really used to JS yet.
>
> > > Thanks very much!
>
> > > On Jun 16, 5:09 pm, joshuajonah <[EMAIL PROTECTED]> wrote:
>
> > > > I'm not really catching what you're doing here. You want to escape
> > > > html with javascript? Just use escape()
>
> > > > On Jun 16, 11:31 am, Knifa <[EMAIL PROTECTED]> wrote:
>
> > > > > Hello there.
>
> > > > > I'm using Serialization with JSON to pass data to jQuery. Everything
> > > > > is working fine, except that the data for the fields of my model are
> > > > > not escaped, allowing people to use HTML on my app. There isn't a
> > > > > function as such in jQuery to do this (and I'm unsure if there is a
> > > > > built in Javascript one) so I'm assuming I have to do this serverside
> > > > > > somehow but I'm not really sure what to do.
>
> > > > > Any ideas would be greatly appreciated.
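
An added example, not part of the original thread: one way to HTML-escape every string field on the way out, just before the quotes are turned into JSON for jQuery, while leaving the stored data untouched. It uses the Python 3 standard library's `html.escape`; the `quotes.quote` model label, the field names and the sample rows are assumptions constructed for illustration.

```python
import html
import json

# Constructed sample rows in the model / pk / fields shape that Django's
# JSON serializer emits. Model label and field names are hypothetical.
SAMPLE_ROWS = [
    {"model": "quotes.quote", "pk": 1,
     "fields": {"quote": '<b>bold</b> & "quoted"', "author": "Knifa", "votes": 3}},
    {"model": "quotes.quote", "pk": 2,
     "fields": {"quote": "<script>/* injected */</script>", "author": "a<b", "votes": 0}},
]


def escape_value(value):
    """Return value with every string HTML-escaped, recursing into containers."""
    if isinstance(value, str):
        # quote=True also escapes " and ', so the text is safe in attributes too
        return html.escape(value, quote=True)
    if isinstance(value, dict):
        return {key: escape_value(item) for key, item in value.items()}
    if isinstance(value, (list, tuple)):
        return [escape_value(item) for item in value]
    return value  # numbers, booleans and None pass through unchanged


def quotes_to_safe_json(rows):
    """Serialize rows to JSON with all field strings escaped for HTML output.

    A new structure is built, so the input rows (and the database values they
    came from) stay unescaped and nothing is escaped twice on a later request.
    """
    safe = [
        {"model": row["model"], "pk": row["pk"], "fields": escape_value(row["fields"])}
        for row in rows
    ]
    return json.dumps(safe)


if __name__ == "__main__":
    print(quotes_to_safe_json(SAMPLE_ROWS))
```

Escaping once at output keeps the database copy usable in non-HTML contexts; on the jQuery side, inserting the value with `.text()` instead of `.html()` treats it as plain text as well.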