Properly escape JSON for usage as an object literal inside of a <script>
tag. Use htmlescape
in place of JSON.stringify
. For more info see JSON: The JavaScript subset that isn't.
from | to |
---|---|
& |
\\u0026 |
> |
\\u003e |
< |
\\u003c |
\u2028 |
\\u2028 |
\u2029 |
\\u2029 |
var htmlescape = require('htmlescape');
htmlescape({prop:'value'});
//=> '{"prop":"value"}'
Or in your templates:
<script>
var payload = <%= htmlescape(payload) %>;
</script>