> ...Form.serialize(true) is not escaping any HTML characters while the
> object is made.
HTML characters don't need to be escaped to be sent as URL-encoded
data, the <, >, and & aren't special. Other charcters, such as
plus signs (+), percent signs (%), and many others do need to be
encoded to bet sent in URL-encoded data.
Prototype does the URL-encoding at the point where the data becomes a
string. So if you call Form#serialize(false), because you're getting
back a URL-encoded string, special characters like the percent sign
are encoded; but if you call Form#serialize(true), no encoding is done
and you get back an object instance -- and then the encoding is done
as part of making the Ajax call, when that instance is converted into
a URL-encoded string.
Independent Software Consultant
tj / crowder software / com
On Oct 17, 8:26 pm, Xirt <arnoonl...@gmail.com> wrote:
> I was playing around with a simple texteditor, but it seems that
> Form.serialize(true) is not escaping any HTML characters while the
> object is made. In contrast, Form.serialize(false) is escaping the
> characters, but according to the API the 'key-value'-pairs are not the
> prefered way to submit forms using AJAX (http://www.prototypejs.org/
> learn/introduction-to-ajax). Is this behaviour of escaping a feature,
> a bug and more important: how can I submit the data as an object while
> making sure code is actually submitted as well (thus escaped)?
You received this message because you are subscribed to the Google Groups
"Prototype & script.aculo.us" group.
To post to this group, send email to firstname.lastname@example.org
To unsubscribe from this group, send email to
For more options, visit this group at