Parameters taken from the URL should always be sanitized before you use them in your JavaScript. Using jQuery you can easily do:

var safeString = $("<span></span>").text(unsafeString).html();

Using plain JavaScript:

var entityMap = { "&": "&amp;", "<": "&lt;", ">": "&gt;",…
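A self-contained version of the plain-JavaScript approach, added here as an example and not taken from the original post, whose own map is cut off after ">". The quote entries, the function names, the `name` parameter and the sample URL are assumptions made for illustration.

```javascript
// Added example, not code from the original post.
// Assumption: the entries for quotes are ours; the post's map is truncated.
const ENTITY_MAP = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a value for insertion into HTML text or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Read one query parameter from a URL. URLSearchParams percent-decodes the
// value, so escaping must happen after this step. Returns "" when absent.
function getParam(url, name) {
  const value = new URL(url).searchParams.get(name);
  return value === null ? "" : value;
}

// Build an HTML fragment from the hypothetical "name" parameter, escaping it
// once at the point where it is placed into markup.
function renderGreeting(url) {
  const name = escapeHtml(getParam(url, "name"));
  return `<p title="${name}">Hello, ${name}</p>`;
}

// Constructed sample input: the value decodes to <b>Al & "Bo"</b>.
const sampleUrl =
  "https://example.test/?name=%3Cb%3EAl%20%26%20%22Bo%22%3C%2Fb%3E";
console.log(renderGreeting(sampleUrl));
```

This escaping covers HTML text and quoted attribute values only; values placed inside a script block, a URL or an inline event handler need encoding for that context instead. The jQuery `.text().html()` form escapes `&`, `<` and `>` but leaves quotes untouched, so its output is suitable for element content and not for attribute values.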
The post Escape strings for use in JavaScript appeared first on My Monkey Do.