Hi, > ...Form.serialize(true) is not escaping any HTML characters while the > object is made.
HTML characters don't need to be escaped to be sent as URL-encoded data, the <, >, and & aren't special.[1] Other charcters, such as plus signs (+), percent signs (%), and many others do need to be encoded to bet sent in URL-encoded data. Prototype does the URL-encoding at the point where the data becomes a string. So if you call Form#serialize(false), because you're getting back a URL-encoded string, special characters like the percent sign are encoded; but if you call Form#serialize(true), no encoding is done and you get back an object instance -- and then the encoding is done as part of making the Ajax call, when that instance is converted into a URL-encoded string. [1] http://en.wikipedia.org/wiki/Percent-encoding HTH, -- T.J. Crowder Independent Software Consultant tj / crowder software / com www.crowdersoftware.com On Oct 17, 8:26 pm, Xirt <arnoonl...@gmail.com> wrote: > I was playing around with a simple texteditor, but it seems that > Form.serialize(true) is not escaping any HTML characters while the > object is made. In contrast, Form.serialize(false) is escaping the > characters, but according to the API the 'key-value'-pairs are not the > prefered way to submit forms using AJAX (http://www.prototypejs.org/ > learn/introduction-to-ajax). Is this behaviour of escaping a feature, > a bug and more important: how can I submit the data as an object while > making sure code is actually submitted as well (thus escaped)? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group. To post to this group, send email to prototype-scriptaculous@googlegroups.com To unsubscribe from this group, send email to prototype-scriptaculous+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en -~----------~----~----~----~------~----~------~--~---