2

Normally we should encode user input strings before displaying to avoid execution of malicious code. like this:

var encodedValue = $('<div />').text(value).html();

But how is it possible in Cocos Creator? Or it is not necessary and is taken care of by default? Thanks.

Blendester
  • 1,583
  • 4
  • 19
  • 43
  • This is a very interesting question, upvoted right away. I have not tried such a thing out. But did you attempt to try to run malicious code in a Cocos Game to see how it behaves? – Arka Mukherjee Apr 18 '19 at 22:31

1 Answers1

0

create a function like this, you may change console.log to return function, it's only return content of html elemenent, result will only "Hello world".

let div = document.createElement("div");
div.innerHTML = "<div>Hello world</div>";
console.log(div.innerText);
Đức Lê Công
  • 314
  • 2
  • 6