HTML escaping of orthogonal data in custom render function

togamid (Posts: 1, Questions: 1, Answers: 0)

Hi,
I have a datatable that receives untrusted data via ajax and displays it. It uses a custom render function, which receives requests from the SearchPanes extension and normal requests.
My question is whether requests for values used in the SearchPane need to be escaped and if yes how to do that in a way that does not impact the search functionality.

Thanks!

Answers

  • allan (Posts: 65,740, Questions: 1, Answers: 10,934) Site admin

    Hi,

    The return from a display data request should be escaped (as it is rendered into the HTML), while the return from filter is what is actually searched for (and doesn't touch the DOM, but generally shouldn't include HTML, since a user is not likely to search on tags and classes).

    Allan
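
As an added example (not code from the post or from DataTables itself), here is a `columns.render` callback that applies the split Allan describes: escape only when DataTables asks for the `display` type, and hand back the raw string for `filter`, `sort` and any other type so that searching still matches the original text. The `render(data, type, row, meta)` signature is DataTables' own; `escapeHtml` and `renderUntrusted` are names chosen here, and which orthogonal type SearchPanes passes for its values is assumed to be whatever its configuration selects, so anything that is not `display` is treated as a non-DOM request.

```javascript
// Escape the five characters that matter in HTML text and attribute
// context. Applied only to values that will be written into the DOM.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// DataTables render callback (assumed signature: data, type, row, meta).
// 'display' -> escaped, because the return value is inserted as HTML.
// 'filter', 'sort', 'type' (and any other orthogonal request) -> raw text,
// which never reaches the DOM and must stay unescaped so a user searching
// for "a & b" or "<tag>" still gets a match.
function renderUntrusted(data, type, row, meta) {
  if (data === null || data === undefined) {
    return '';
  }
  if (type === 'display') {
    return escapeHtml(data);
  }
  return String(data);
}

// Constructed sample value standing in for an untrusted ajax field.
const sampleValue = '<img src=x onerror="alert(1)">';

// Show what each orthogonal request receives for the same cell.
function demo() {
  return {
    display: renderUntrusted(sampleValue, 'display', {}, {}),
    filter: renderUntrusted(sampleValue, 'filter', {}, {}),
    sort: renderUntrusted(sampleValue, 'sort', {}, {}),
  };
}
```

Wiring it up is `columns: [{ data: 'name', render: renderUntrusted }]`; the escaped form only ever appears in the `display` branch.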
