Escaping against XSS in JavaScript
In content: Escaped output
Escaped values: Escaped output
/**
* Escape output with XHTML entities
* This copies the string, and would need to get modified
* in order to handle larger values.
*/
function escapeHTML(output) {
var escaped_output = '';
var temp_char = null;
for (var i = 0; i < output.length; i++) {
temp_char = output.charCodeAt(i).toString(16).toUpperCase();
if (temp_char.length == 2) {
escaped_output += '&#x' + temp_char + ';';
} else {
escaped_output += '�' + temp_char + ';';
}
}
return escaped_output;
}