ExtJS, display script tag in text area from json obj

Question

I want to display a script tag in plain text that is returned in a json obj.

A user enters some text in a text area, the text contains <Script>. I want the user to be able to do this. The form is submitted using json back to the server for some processing, the json returned contains the <Script> tag for the text area. I want to display it in plain text not try to execute it. ExtJS is calling eval on the value and throwing an error "Invalid character".

The json:

{"data":{"SourceFormat":"TAGS","SourceValue":"<IFRAME SRC=\"example.com\" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>\r\n\r\<SCRIPT language=\"JavaScript1.1\" SRC=\"example.com;abr=!ie;\">\r\n\r\n</SCRIPT>\r\n\r\n<NOSCRIPT>\r\n\r\n<A HREF=\"example.com=$WEBMASTER/mnum=$MEDIANUMB/cstr=$CSTR/xsxdata=$XSXDATA/bnum=$BANNERNUM/optn=64?trg=http://example.com;abr=!ie4;abr=!ie5;sz=300x250;ord=$RANDOMNUM?\"&gt;\r\n\r\n&lt;IMG SRC=\"http://example.com;abr=!ie4;abr=!ie5;sz=300x250;ord=$RANDOMNUM?\" BORDER=0 WIDTH=300 HEIGHT=250 ALT=\"Click Here\"></A>\r\n\r\n</NOSCRIPT>\r\n\r\n</IFRAME>","StartDateTime":"0001-01-01T00:00:00"}}

json viewer also chokes on this

Answer 1

You need to html encode the data prior to displaying it. See Ext.util.Format.htmlEncode.