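<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Preventing XSS Example</title>
  <!--
    Third-party script: pin it with Subresource Integrity (integrity="..." plus
    crossorigin="anonymous") using the hash published for this exact jQuery
    build, or serve a vetted copy from your own origin.
  -->
  <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
  <script>
    /**
     * Escape the five characters that are significant in HTML markup so the
     * value can be placed in element content or inside a quoted attribute.
     *
     * The replacement strings must be the entity forms. If they are rendered
     * back to the raw characters (replacing "&" with "&", "<" with "<", ...)
     * the function becomes a no-op and provides no XSS protection, and a bare
     * double quote as replacement is a syntax error. "&" is replaced first so
     * the entities produced by the later replacements are not double-escaped.
     *
     * This encoding is only correct for HTML text and quoted attribute
     * contexts. It is not sufficient for URLs, inline JavaScript, CSS, or
     * unquoted attributes.
     *
     * @param {*} text Value to escape; coerced to a string first.
     * @returns {string} The HTML-escaped string.
     */
    function escapeHtml(text) {
      return String(text)
        .replace(/&/g, "&amp;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;");
    }

    $(document).ready(function () {
      $("#btn").click(function () {
        let input = $("#input").val();

        $.ajax({
          url: "https://your-api.com/data",
          method: "POST",
          data: JSON.stringify({ input: input }),
          contentType: "application/json",
          success: function (data) {
            // jQuery may already have parsed a JSON response into an object;
            // serialise it so the escaper always receives a string.
            const shown = typeof data === "string" ? data : JSON.stringify(data);

            // The response is untrusted: escape it before it reaches .html().
            // $("<p>").text(...) is an equivalent option that never parses
            // the value as markup.
            $("#result").html(`<p>Data: ${escapeHtml(shown)}</p>`);
          },
          error: function (xhr, status, error) {
            // Escape here too, so every write into #result follows one rule.
            $("#result").html(`<p>Error: ${escapeHtml(status)}</p>`);
          }
        });
      });
    });
  </script>
</head>
<body>
  <label for="input">Input</label>
  <input id="input" type="text" placeholder="Enter input">
  <button id="btn" type="button">Submit</button>
  <div id="result"></div>
</body>
</html>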