> ...Form.serialize(true) is not escaping any HTML characters while the
> object is made.

HTML characters don't need to be escaped to be sent as URL-encoded
data, the <, >, and & aren't special.[1]  Other charcters, such as
plus signs (+), percent signs (%), and many others do need to be
encoded to bet sent in URL-encoded data.

Prototype does the URL-encoding at the point where the data becomes a
string.  So if you call Form#serialize(false), because you're getting
back a URL-encoded string, special characters like the percent sign
are encoded; but if you call Form#serialize(true), no encoding is done
and you get back an object instance -- and then the encoding is done
as part of making the Ajax call, when that instance is converted into
a URL-encoded string.

[1] http://en.wikipedia.org/wiki/Percent-encoding

T.J. Crowder
Independent Software Consultant
tj / crowder software / com

On Oct 17, 8:26 pm, Xirt <arnoonl...@gmail.com> wrote:
> I was playing around with a simple texteditor, but it seems that
> Form.serialize(true) is not escaping any HTML characters while the
> object is made. In contrast, Form.serialize(false) is escaping the
> characters, but according to the API the 'key-value'-pairs are not the
> prefered way to submit forms using AJAX (http://www.prototypejs.org/
> learn/introduction-to-ajax). Is this behaviour of escaping a feature,
> a bug and more important: how can I submit the data as an object while
> making sure code is actually submitted as well (thus escaped)?
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to