HTML escaping data with ajax requests

If it is not HTML, it does not need HTML escaping, if it is not JS, it does not need JS escaping.

All escaping is context based. In general You should probably just avoid sending “text” in response and focus on sending data which is “converted” into whatever is the relevant DOM structures, either directly via DOM APIs or the roundabout ways jQuery offers. (in other words, your ajax response should be aimed at machines, and let the end machine to transform it to something which is readable by humans).

Still there are cases in which is more convenient to add full blown HTML texts to the response. If you go in that direction, the escaping should be relevant to how you are going to handle it on the browser side. jQuery’s html() expects a valid HTML therefore you will have to escape the textual parts of the HTML that you generate. DOM APIs might be more tolerant as depending on context they “know” what is an HTML tag and what is a text.

In any case I can’t think of any example in which you will have to do escaping on browser side. If you get yourself into such situation, you probably use the wrong DOM/jQuery APIs.

Commenting directly on your samples. The first one is wrong because if the text contains HTML tags, you will be escaping too much.

Related Posts:

  1. WordPress Ajax always returns a 404 error
  2. WordPress cascading dropdown selection search based on Parent Page & Child Page
  3. Display WordPress search results based on the selected Sub-Category
  4. How to use wp_ajax_set_post_thumbnail?
  5. Calling a method from functions.php on a click of a button
  6. Load custom field value into div with AJAX
  7. Nice scroll to wordpress
  8. Data fetch and delete by ajax request
  9. Handling an Ajax form submit
  10. Minify HTML, CSS, JS with PHPWee?
  11. Display notification only once
  12. Access/update database with jQuery
  13. How to display something in a div when the user clicks on a text in another div – no page refresh [closed]
  14. admin-ajax.php responding with 0
  15. Page Reloads Before AJAX Request Finishes
  16. Colorbox ajax loading of outside HTML content works perfect on localhost but not on server
  17. How to make custom total price reactive in navigation
  18. Slide in Panel WordPress Post
  19. How to prevent those PHP variables from being cached on WordPress?
  20. Ajax return code 400
  21. Show post in slider
  22. Trying to implement Ajax comments in WordPress, getting WP error
  23. How to test nonce with AJAX – Plugin development
  24. class click counter save number
  25. Ajax not working es expected (Returns 0)
  26. Creating a Multi-Level Associative Object Using AJAX
  27. Ajax – Call to undefined function get_option()
  28. Populate dropdown with Child Pages based on Parent Page chosen
  29. How to store data from multiple forms using ajax and php
  30. search and replace preword from author
  31. Ajax random number always the same
  32. Image upload via FormData API and AJAX is not working ($_FILES always empty)
  33. How to change redirection route to a php page for making it only accessible by logged-in members?
  34. How to send Ajax request from my plugin in admin dashboard?
  35. How to add a do_action on refreshing of WP customizer?
  36. How to pass Select value from Javascript to PHP to generate select option on change
  37. Setting value of session with Ajax not working
  38. AJAX success response is not working but it’s saving my changes
  39. WordPress Ajax Call inserting data but success response false
  40. admin-ajax Firing Error 400 When Logged In
  41. Add Codepen animation as Preloader to WordPress
  42. Making an AJAX call to refresh a table
  43. Load Posts on Click via Ajax into a DIV
  44. AJAX wp_insert_user WORKS but responds with “The site is not enabled”
  45. Override user-edit.php to design own profile page
  46. Why i can’t get custom fields value or post ID via Ajax?
  47. Cannot access $wpdb, comes back NULL
  48. Submitting a form, using Ajax, to run a SQL Select query based on user input from the form
  49. Incrementing PHP variable onclick to display posts by month
  50. Calling PHP Titles inside Javascript Markup
  51. Accessing an API with jQuery and AJAX
  52. Ajaxurl suddenly not defined
  53. Replacing WordPress Icons (menu,icons32, etc)?
  54. Ajax URLs without #!, how to prevent falling into single.php on load or reload?
  55. Is it possible to isolate and use WordPress functions outside of wordpress
  56. How to use wp_send_json() and output the value with ajax?
  57. Time Delay a URL Redirect for Specific Page
  58. Cascading dropdown select search based on Parent Page & Child Page
  59. html form: redirect page after form completes submit function and posts data
  60. Settings API form – submit with AJAX
  61. How do I call a value from the datase using ajax
  62. Post form – AJAX won’t upload featured image – Plugin development
  63. Search bar for wp menu
  64. Adding HTML Code to Replace Text in PHP
  65. Executing php on button press
  66. Add other class content with reference class value
  67. Load more posts using AJAX based on posts inside WP_Query
  68. How can i find wrong word in search box and replace with correct word
  69. Passing a value from an input field to a php function in WordPress?
  70. WordPress Slider is not working
  71. Filtering custom posts by using checkboxes for taxonomy in an ajax loop always gives server 500 error
  72. Show subcategory name selected in specific category woocoommerce
  73. Cannot successfully execute AJAX script to call function.php specific function. Using XAMPP localhost to test
  74. sessionStorage saves input value in browser but it is not loaded in the form field
  75. Collapsible menu on post sidebar only expands and does not collapse
  76. How to call a function from functions.php with ajax?
  77. ajax polling with admin-ajax.php
  78. number of posts with “Load More”
  79. Ajax wordpress function showing source code in alert and not value of input field?
  80. How to send Ajax Call from frontend without using wp_localize_script in Theme
  81. scroll scrpit to particular button position to next id when click button
  82. How to load WP_Editor JS files manually (with AJAX)?
  83. Bootstrap Carousel Indicators Won’t Cycle On Custom WordPress Theme
  84. A javascript function that simply runs a php function on the plugin
  85. Code works on page-example.php by not category-example.php
  86. Retrieve $_POST data to send to javascript without using localize script
  87. Where to find the html for WordPress site? [closed]
  88. Pass the updated value of aid from form using ajax
  89. 500 (Internal Server Error) of external php file
  90. Problems with plugin that fetches data from database with ajax
  91. Dynamic Gallery
  92. Trying to customize wordpress drop down categories
  93. Execute PHP code in Javascript onclick
  94. Load Meta box value into div AJAX [duplicate]
  95. Pass a PHP variable (loop-audio.php) to jQuery function (js/script.js)
  96. Is there a better way to output HTML as a shortcode?
  97. Load wp_editor on button click
  98. Remove Woocommerce product from cart with ajax/fetch
  99. WooCommerce Modal Fly cart on add to cart – With AJAX
  100. Word press – JSPDF – Sending PDF as attachment from wp_mail – Special characters