toJson causes encoding of utf-8 characters #3119
Comments
I think you need to use rawColumns?
I am using rawColumns, but it could be a security issue, if the column data could contain html/javascript, right? I'm trying to establish a difference between utf-8 and html when it comes to encoding data from the database.
Yes, rawColumns will also allow the js script. Maybe try using the column.render api.
I appreciate the thought, but I tend to re-use these APIs for more than just datatables front-ends, so I'd prefer to get just the exact utf-8 data as-is, except if there is html/js which could pose a security risk.
This issue is stale because it has been open for 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.
This issue was closed because it has been inactive for 7 days since being marked as stale.
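The column.render approach suggested in the comments, sketched as an added example (not code from the project or from anyone in this thread): the API returns the stored text unescaped and the client encodes it only when building cell markup. `escapeHtml`, `renderCell`, `displayCells` and the sample rows are hypothetical; the `(data, type)` arguments follow the DataTables `column.render` function signature.

```javascript
// Added example: encode at render time instead of inside the JSON API.
// escapeHtml, renderCell and displayCells are hypothetical names.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the five characters that are significant in HTML text and in
// quoted-attribute contexts. Everything else, including non-ASCII UTF-8,
// passes through unchanged.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Shaped like a DataTables column.render callback: only the 'display'
// request becomes cell markup, so only that path is encoded. Sorting,
// filtering and type detection keep working on the raw stored value.
function renderCell(data, type) {
  if (data === null || data === undefined) return '';
  return type === 'display' ? escapeHtml(data) : data;
}

// Constructed sample rows, as an unescaped (rawColumns-style) response
// would deliver them to the client.
const rows = [
  { city: "COEUR-D'ALENE" },
  { city: '<script>alert(1)</script>' },
  { city: 'Zürich' },
];

// Markup strings that would be written into the table cells.
function displayCells(sampleRows) {
  return sampleRows.map((row) => renderCell(row.city, 'display'));
}

console.log(displayCells(rows));
```

The browser decodes `&#39;` back to an apostrophe when it renders the cell, so the user sees the original text while other consumers of the API receive the exact stored value.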
Summary of problem or feature request
When selecting data with valid utf-8 characters, the JsonResponse html encodes the data. I can disable this by using the rawColumns method, but I do want it to escape html specific things, just not normal characters that would not have an impact on xss. I think that maybe characters like ' (' or U+0027) should maybe be unmangled by default. My apologies if I've overlooked something or this has been addressed since version 8. I searched around in the issues, and while I did find some issues related to this, I didn't spot anything specific to this issue.
Code snippet of problem
data that shows the issue: "COEUR-D'ALENE" is returned as "COEUR-D'ALENE-ID"
System details