I'm working with a web service that will give me values like:
var text = "<<<&&&";
And i need to print this to look like "<<<&&&" with javascript.
But here's the catch: i can't use inner HTML(I'm actually sending this values to a prototype library that creates Text Nodes so it doesn't unescape my raw html string. If editing the library would not be an option, how would you unescape this html?
I need to undertand the real deal here, what's the risk of unescaping this type of strings? how does innerHTML does it? and what other options exist?
EDIT- The problem is not about using javascript normal escape/unescape or even jQuery/prototype implementations of them, but about the security issues that could come from using any of this... aka "They told me it was pretty insecure to use them"
(For those trying to undertand what the heck im talking about with innerHTML unescaping this weird string, check out this simple example:
<html>
<head>
<title>createTextNode example</title>
<script type="text/javascript">
var text = "<<<&&&";
function addTextNode(){
var newtext = document.createTextNode(text);
var para = document.getElementById("p1");
para.appendChild(newtext);
}
function innerHTMLTest(){
var para = document.getElementById("p1");
para.innerHTML = text;
}
</script>
</head>
<body>
<div style="border: 1px solid red">
<p id="p1">First line of paragraph.<br /></p>
</div><br />
<button onclick="addTextNode();">add another textNode.</button>
<button onclick="innerHTMLTest();">test innerHTML.</button>
</body>
</html>