http://qs321.pair.com?node_id=1168770


in reply to Re^9: perl dancer route template hashref pass complex json file to server issue (the reverse)
in thread perl dancer route template hashref pass complex json file to server issue

Doesn't add quotes, but it exists: Template::Plugin::JavaScript - Encodes text to be safe in JavaScript

    document.write("[% sometext | js %]");

Re^11: perl dancer route template hashref pass complex json file to server issue (the reverse)
by RamiD (Acolyte) on Jul 30, 2016 at 10:07 UTC
    Thanks, the following worked for me:

    <!DOCTYPE html>
    <html>
    <head>
    </head>
    <body>
    <div style = "padding: 100px 100px 10px;">
    <script>
    var test2=<%passtoserver | replace('"', '"') %>;
    var test3=JSON.stringify(test2);
    alert(test3);
    </script>
    <button type="text" >
    </div>
    </body>
    </html>

    without any change on the client side, Rami D.

      I suspect that your working code does not exactly match the code that you posted above. Trying to guess some things, I encourage you to test your code against a JSON value that contains strings containing a single quote / apostrophe character, a literal backslash character, even a newline character.

      Update: Oh, much later I realized how the code you posted could actually work. Valid JSON strings are also valid JavaScript source code. This might well open up a vector for doing cross-site JavaScript injection attacks, though that is likely true using your old 'eval' approach as well.

      - tye
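An added example, not part of the thread: it runs the test tye suggests (apostrophe, backslash, newline) plus a value containing a script end tag, and compares raw JSON written into an inline `<script>` with JSON whose HTML-significant characters are escaped first. It models the server-side step in JavaScript rather than Template Toolkit; `jsonForInlineScript`, `renderScript`, `scriptEndTags`, `evalLiteral` and the sample data are hypothetical names and constructed values, and it assumes the value lands in a plain inline script element of an HTML page.

```javascript
// Added example (not from the thread). Serialise a server-side value so it can
// be written inside an inline <script> element as a JavaScript literal.

// Characters that are legal in JSON but meaningful to the HTML parser, plus
// U+2028/U+2029, which older JavaScript engines treat as line terminators.
const UNSAFE = /[<>&\u2028\u2029]/g;

function jsonForInlineScript(value) {
  // JSON.stringify already escapes ", \ and control characters such as \n.
  return JSON.stringify(value).replace(
    UNSAFE,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hypothetical stand-in for the template step: var test2=<% passtoserver %>;
function renderScript(literal) {
  return "<script>var test2=" + literal + ";</script>";
}

// Count how many script end tags the HTML parser would see in the markup.
function scriptEndTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Model the browser evaluating the emitted literal as JavaScript source.
function evalLiteral(literal) {
  return new Function("return (" + literal + ");")();
}

// Constructed test data: the cases tye lists, plus a script end tag.
const sample = {
  apostrophe: "it's",
  backslash: "C:\\temp",
  newline: "line1\nline2",
  endTag: "</script>",
};

const naive = renderScript(JSON.stringify(sample));
const hardened = renderScript(jsonForInlineScript(sample));

// Raw JSON leaves the data's end tag intact, so the element closes early.
console.log("naive end tags:   ", scriptEndTags(naive));
console.log("hardened end tags:", scriptEndTags(hardened));
console.log("value survives:   ",
  JSON.stringify(evalLiteral(jsonForInlineScript(sample))) === JSON.stringify(sample));
```

The escaped output is still valid JSON and valid JavaScript, so the client code that reads `test2` does not change.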