Hi Mike, see below for my response.
On Mon, 5 Oct 2015 06:22:11 +0000 (UTC) Mike Cu <[email protected]> wrote: > I have an Ajax call like : > $( "#City" ).selectmenu({ > select: function( event, ui ) { > $.ajax({ url: '/cities', > type: "POST", > data: {'City':$("#City" > ).val()}}).success(function(data){ $("#display").html(data);}); > }, > > > }); Your indentation in this excerpt of JavaScript code is bad. Please fix it, see: https://en.wikipedia.org/wiki/Indent_style > does the default JSON serializer escape the data to prevent XSS, or should I > escape it manually? The JSON serialiser should in general pass the text passed to it as is. As a result, you should make sure to explictly escape it somewhere else (e.g: when passing the data to the .html ( ... ) call). And it's good that you make use of jQuery. -- Shlomi -- ----------------------------------------------------------------- Shlomi Fish http://www.shlomifish.org/ My Favourite FOSS - http://www.shlomifish.org/open-source/favourite/ Chuck Norris is the greatest man in history. He killed all the great men who could ever pose a competition. — http://www.shlomifish.org/humour/bits/facts/Chuck-Norris/ Please reply to list if it's a mailing list post - http://shlom.in/reply . _______________________________________________ dancer-users mailing list [email protected] http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
