HTML entities in javascript are not encoded

[taraghi]

For the case the javascript code generates DHTML, the HTML entities in code (such as input, textarea, buttons etc.) are not encoded. As a result they are shown as HTML elements.
I suggest to use "htmlspecialchars" function from phpjs.org 1 to solve this issue:

in the while loop:
list += "

" + keys[i] + "

:

" + htmlspecialchars(d[keys[i]]) + "

";

Regards, Beni

[vladocar]

@taraghi : Yes, you are right. Thanks for the suggestion.
The thing is "htmlspecialchars" function is bigger then this entire project and I wanted to leave things super, super simple. I will leave this issue open in case someone runes into htmlspecialchars problem so they can easily implement "htmlspecialchars" function that you suggested.